fix contrib/<file>.md errors identified by markdownlint

fix docs/<file>.md errors identified by markdownlint
* docs/azure-csi.md * docs/azure.md * docs/bootstrap-os.md * docs/calico.md * docs/debian.md * docs/fcos.md * docs/vagrant.md * docs/gcp-lb.md * docs/kubernetes-apps/registry.md * docs/setting-up-your-first-cluster.md * docs/vagrant.md * docs/vars.md
2025-12-14 13:54:37 +03:00 · 2022-08-07 13:47:51 +00:00 · 2022-08-07 12:41:09 +00:00 · 2022-08-07 12:13:18 +00:00 · 2022-08-07 11:58:47 +00:00 · 2022-08-07 11:23:43 +00:00
550 changed files with 12514 additions and 14817 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -24,17 +24,7 @@ skip_list:
  # (Disabled in June 2021)
  - 'role-name'
  - 'experimental'
  # [var-naming] "defaults/main.yml" File defines variable 'apiVersion' that violates variable naming standards
  # In Kubespray we use variables that use camelCase to match their k8s counterparts
  # (Disabled in June 2021)
  - 'var-naming'
  - 'var-spacing'
  # [fqcn-builtins]
  # Roles in kubespray don't need fully qualified collection names
  # (Disabled in Feb 2023)
  - 'fqcn-builtins'
 exclude_paths:
  # Generated files
  - tests/files/custom_cni/cilium.yaml
--- a/.gitignore
+++ b/.gitignore
@@ -12,7 +12,6 @@ contrib/offline/offline-files.tar.gz
 *.bak
 *.tfstate
 *.tfstate.backup
 *.lock.hcl
 .terraform/
 contrib/terraform/aws/credentials.tfvars
 .terraform.lock.hcl
@@ -114,7 +113,3 @@ roles/**/molecule/**/__pycache__/
 # Temp location used by our scripts
 scripts/tmp/
 tmp.md
 # Ansible collection files
 kubernetes_sigs-kubespray*tar.gz
 ansible_collections
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,6 +1,5 @@
 ---
 stages:
  - build
  - unit-tests
  - deploy-part1
  - moderator
@@ -9,12 +8,12 @@ stages:
  - deploy-special
 variables:
-  KUBESPRAY_VERSION: v2.21.0
+  KUBESPRAY_VERSION: v2.19.0
  FAILFASTCI_NAMESPACE: 'kargo-ci'
  GITLAB_REPOSITORY: 'kargo-ci/kubernetes-sigs-kubespray'
  ANSIBLE_FORCE_COLOR: "true"
  MAGIC: "ci check this"
-  TEST_ID: "$CI_PIPELINE_ID-$CI_JOB_ID"
+  TEST_ID: "$CI_PIPELINE_ID-$CI_BUILD_ID"
  CI_TEST_VARS: "./tests/files/${CI_JOB_NAME}.yml"
  CI_TEST_REGISTRY_MIRROR: "./tests/common/_docker_hub_registry_mirror.yml"
  CI_TEST_SETTING: "./tests/common/_kubespray_test_settings.yml"
@@ -34,21 +33,20 @@ variables:
  ANSIBLE_LOG_LEVEL: "-vv"
  RECOVER_CONTROL_PLANE_TEST: "false"
  RECOVER_CONTROL_PLANE_TEST_GROUPS: "etcd[2:],kube_control_plane[1:]"
-  TERRAFORM_VERSION: 1.3.7
+  TERRAFORM_VERSION: 1.0.8
  ANSIBLE_MAJOR_VERSION: "2.11"
  PIPELINE_IMAGE: "$CI_REGISTRY_IMAGE/pipeline:${CI_PIPELINE_ID}-${CI_COMMIT_SHORT_SHA}"
 before_script:
  - ./tests/scripts/rebase.sh
  - update-alternatives --install /usr/bin/python python /usr/bin/python3 1
  - python -m pip uninstall -y ansible ansible-base ansible-core
-  - PIP_CONSTRAINT=tests/constraints.txt python -m pip install -r tests/requirements-${ANSIBLE_MAJOR_VERSION}.txt
+  - python -m pip install -r tests/requirements-${ANSIBLE_MAJOR_VERSION}.txt
  - mkdir -p /.ssh
 .job: &job
  tags:
    - packet
-  image: $PIPELINE_IMAGE
+  image: quay.io/kubespray/kubespray:$KUBESPRAY_VERSION
  artifacts:
    when: always
    paths:
@@ -78,7 +76,6 @@ ci-authorized:
  only: []
 include:
  - .gitlab-ci/build.yml
  - .gitlab-ci/lint.yml
  - .gitlab-ci/shellcheck.yml
  - .gitlab-ci/terraform.yml
--- a/.gitlab-ci/build.yml
+++ b/.gitlab-ci/build.yml
@@ -1,40 +0,0 @@
 ---
 .build:
  stage: build
  image:
    name: moby/buildkit:rootless
    entrypoint: [""]
  variables:
    BUILDKITD_FLAGS: --oci-worker-no-process-sandbox
  before_script:
    - mkdir ~/.docker
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > ~/.docker/config.json
 pipeline image:
  extends: .build
  script:
    - |
      buildctl-daemonless.sh build \
        --frontend=dockerfile.v0 \
        --local context=. \
        --local dockerfile=. \
        --opt filename=./pipeline.Dockerfile \
        --output type=image,name=$PIPELINE_IMAGE,push=true \
        --import-cache type=registry,ref=$CI_REGISTRY_IMAGE/pipeline:cache
  rules:
    - if: '$CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH'
 pipeline image and build cache:
  extends: .build
  script:
    - |
      buildctl-daemonless.sh build \
        --frontend=dockerfile.v0 \
        --local context=. \
        --local dockerfile=. \
        --opt filename=./pipeline.Dockerfile \
        --output type=image,name=$PIPELINE_IMAGE,push=true \
        --import-cache type=registry,ref=$CI_REGISTRY_IMAGE/pipeline:cache \
        --export-cache type=registry,ref=$CI_REGISTRY_IMAGE/pipeline:cache,mode=max
  rules:
    - if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH'
--- a/.gitlab-ci/lint.yml
+++ b/.gitlab-ci/lint.yml
@@ -14,7 +14,7 @@ vagrant-validate:
  stage: unit-tests
  tags: [light]
  variables:
-    VAGRANT_VERSION: 2.3.7
+    VAGRANT_VERSION: 2.2.19
  script:
    - ./tests/scripts/vagrant-validate.sh
  except: ['triggers', 'master']
@@ -39,28 +39,11 @@ syntax-check:
    ANSIBLE_VERBOSITY: "3"
  script:
    - ansible-playbook --syntax-check cluster.yml
    - ansible-playbook --syntax-check playbooks/cluster.yml
    - ansible-playbook --syntax-check upgrade-cluster.yml
    - ansible-playbook --syntax-check playbooks/upgrade_cluster.yml
    - ansible-playbook --syntax-check reset.yml
    - ansible-playbook --syntax-check playbooks/reset.yml
    - ansible-playbook --syntax-check extra_playbooks/upgrade-only-k8s.yml
  except: ['triggers', 'master']
 collection-build-install-sanity-check:
  extends: .job
  stage: unit-tests
  tags: [light]
  variables:
    ANSIBLE_COLLECTIONS_PATH: "./ansible_collections"
  script:
    - ansible-galaxy collection build
    - ansible-galaxy collection install kubernetes_sigs-kubespray-$(grep "^version:" galaxy.yml | awk '{print $2}').tar.gz
    - ansible-galaxy collection list $(egrep -i '(name:\s+|namespace:\s+)' galaxy.yml | awk '{print $2}' | tr '\n' '.' | sed 's|\.$||g') | grep "^kubernetes_sigs.kubespray"
    - test -f ansible_collections/kubernetes_sigs/kubespray/playbooks/cluster.yml
    - test -f ansible_collections/kubernetes_sigs/kubespray/playbooks/reset.yml
  except: ['triggers', 'master']
 tox-inventory-builder:
  stage: unit-tests
  tags: [light]
@@ -70,7 +53,7 @@ tox-inventory-builder:
    - apt-get update && apt-get install -y python3-pip
    - update-alternatives --install /usr/bin/python python /usr/bin/python3 10
    - python -m pip uninstall -y ansible ansible-base ansible-core
-    - PIP_CONSTRAINT=tests/constraints.txt python -m pip install -r tests/requirements.txt
+    - python -m pip install -r tests/requirements.txt
  script:
    - pip3 install tox
    - cd contrib/inventory_builder && tox
@@ -92,20 +75,6 @@ check-readme-versions:
  script:
    - tests/scripts/check_readme_versions.sh
 check-galaxy-version:
  stage: unit-tests
  tags: [light]
  image: python:3
  script:
    - tests/scripts/check_galaxy_version.sh
 check-typo:
  stage: unit-tests
  tags: [light]
  image: python:3
  script:
    - tests/scripts/check_typo.sh
 ci-matrix:
  stage: unit-tests
  tags: [light]
--- a/.gitlab-ci/molecule.yml
+++ b/.gitlab-ci/molecule.yml
@@ -4,7 +4,7 @@
  tags: [c3.small.x86]
  only: [/^pr-.*$/]
  except: ['triggers']
-  image: $PIPELINE_IMAGE
+  image: quay.io/kubespray/vagrant:$KUBESPRAY_VERSION
  services: []
  stage: deploy-part1
  before_script:
@@ -12,7 +12,7 @@
    - apt-get update && apt-get install -y python3-pip
    - update-alternatives --install /usr/bin/python python /usr/bin/python3 10
    - python -m pip uninstall -y ansible ansible-base ansible-core
-    - PIP_CONSTRAINT=tests/constraints.txt python -m pip install -r tests/requirements.txt
+    - python -m pip install -r tests/requirements.txt
    - ./tests/scripts/vagrant_clean.sh
  script:
    - ./tests/scripts/molecule_run.sh
--- a/.gitlab-ci/packet.yml
+++ b/.gitlab-ci/packet.yml
@@ -51,11 +51,6 @@ packet_ubuntu20-aio-docker:
  extends: .packet_pr
  when: on_success
 packet_ubuntu20-calico-aio-hardening:
  stage: deploy-part2
  extends: .packet_pr
  when: on_success
 packet_ubuntu18-calico-aio:
  stage: deploy-part2
  extends: .packet_pr
@@ -86,11 +81,21 @@ packet_ubuntu18-crio:
  stage: deploy-part2
  when: manual
-packet_fedora37-crio:
+packet_fedora35-crio:
  extends: .packet_pr
  stage: deploy-part2
  when: manual
 packet_ubuntu16-canal-ha:
  stage: deploy-part2
  extends: .packet_periodic
  when: on_success
 packet_ubuntu16-canal-sep:
  stage: deploy-special
  extends: .packet_pr
  when: manual
 packet_ubuntu16-flannel-ha:
  stage: deploy-part2
  extends: .packet_pr
@@ -146,28 +151,20 @@ packet_rockylinux8-calico:
  extends: .packet_pr
  when: on_success
 packet_rockylinux9-calico:
  stage: deploy-part2
  extends: .packet_pr
  when: on_success
 packet_rockylinux9-cilium:
  stage: deploy-part2
  extends: .packet_pr
  when: on_success
  variables:
    RESET_CHECK: "true"
 packet_almalinux8-docker:
  stage: deploy-part2
  extends: .packet_pr
  when: on_success
-packet_fedora38-docker-weave:
+packet_fedora36-docker-weave:
  stage: deploy-part2
  extends: .packet_pr
  when: on_success
-  allow_failure: true
+
 packet_opensuse-canal:
  stage: deploy-part2
  extends: .packet_periodic
  when: on_success
 packet_opensuse-docker-cilium:
  stage: deploy-part2
@@ -202,7 +199,7 @@ packet_almalinux8-calico-ha-ebpf:
  extends: .packet_pr
  when: manual
-packet_debian10-macvlan:
+packet_debian9-macvlan:
  stage: deploy-part2
  extends: .packet_pr
  when: manual
@@ -217,19 +214,24 @@ packet_centos7-multus-calico:
  extends: .packet_pr
  when: manual
-packet_fedora38-docker-calico:
+packet_centos7-canal-ha:
  stage: deploy-part2
  extends: .packet_pr
  when: manual
 packet_fedora36-docker-calico:
  stage: deploy-part2
  extends: .packet_periodic
  when: on_success
  variables:
    RESET_CHECK: "true"
-packet_fedora37-calico-selinux:
+packet_fedora35-calico-selinux:
  stage: deploy-part2
  extends: .packet_periodic
  when: on_success
-packet_fedora37-calico-swap-selinux:
+packet_fedora35-calico-swap-selinux:
  stage: deploy-part2
  extends: .packet_pr
  when: manual
@@ -244,21 +246,11 @@ packet_almalinux8-calico-nodelocaldns-secondary:
  extends: .packet_pr
  when: manual
-packet_fedora38-kube-ovn:
+packet_fedora36-kube-ovn:
  stage: deploy-part2
  extends: .packet_periodic
  when: on_success
 packet_debian11-custom-cni:
  stage: deploy-part2
  extends: .packet_pr
  when: manual
 packet_debian11-kubelet-csr-approver:
  stage: deploy-part2
  extends: .packet_pr
  when: manual
 # ### PR JOBS PART3
 # Long jobs (45min+)
--- a/.gitlab-ci/terraform.yml
+++ b/.gitlab-ci/terraform.yml
@@ -60,11 +60,11 @@ tf-validate-openstack:
    PROVIDER: openstack
    CLUSTER: $CI_COMMIT_REF_NAME
-tf-validate-equinix:
+tf-validate-metal:
  extends: .terraform_validate
  variables:
    TF_VERSION: $TERRAFORM_VERSION
-    PROVIDER: equinix
+    PROVIDER: metal
    CLUSTER: $CI_COMMIT_REF_NAME
 tf-validate-aws:
@@ -80,12 +80,6 @@ tf-validate-exoscale:
    TF_VERSION: $TERRAFORM_VERSION
    PROVIDER: exoscale
 tf-validate-hetzner:
  extends: .terraform_validate
  variables:
    TF_VERSION: $TERRAFORM_VERSION
    PROVIDER: hetzner
 tf-validate-vsphere:
  extends: .terraform_validate
  variables:
@@ -110,7 +104,7 @@ tf-validate-upcloud:
 #     TF_VAR_number_of_k8s_nodes: "1"
 #     TF_VAR_plan_k8s_masters: t1.small.x86
 #     TF_VAR_plan_k8s_nodes: t1.small.x86
-#     TF_VAR_metro: ny
+#     TF_VAR_facility: ewr1
 #     TF_VAR_public_key_path: ""
 #     TF_VAR_operating_system: ubuntu_16_04
 #
@@ -124,7 +118,7 @@ tf-validate-upcloud:
 #     TF_VAR_number_of_k8s_nodes: "1"
 #     TF_VAR_plan_k8s_masters: t1.small.x86
 #     TF_VAR_plan_k8s_nodes: t1.small.x86
-#     TF_VAR_metro: am
+#     TF_VAR_facility: ams1
 #     TF_VAR_public_key_path: ""
 #     TF_VAR_operating_system: ubuntu_18_04
--- a/.gitlab-ci/vagrant.yml
+++ b/.gitlab-ci/vagrant.yml
@@ -10,13 +10,13 @@
  tags: [c3.small.x86]
  only: [/^pr-.*$/]
  except: ['triggers']
-  image: $PIPELINE_IMAGE
+  image: quay.io/kubespray/vagrant:$KUBESPRAY_VERSION
  services: []
  before_script:
    - apt-get update && apt-get install -y python3-pip
    - update-alternatives --install /usr/bin/python python /usr/bin/python3 10
    - python -m pip uninstall -y ansible ansible-base ansible-core
-    - PIP_CONSTRAINT=tests/constraints.txt python -m pip install -r tests/requirements.txt
+    - python -m pip install -r tests/requirements.txt
    - ./tests/scripts/vagrant_clean.sh
  script:
    - ./tests/scripts/testcases_run.sh
@@ -43,12 +43,6 @@ vagrant_ubuntu20-flannel:
  stage: deploy-part2
  extends: .vagrant
  when: on_success
  allow_failure: false
 vagrant_ubuntu20-flannel-collection:
  stage: deploy-part2
  extends: .vagrant
  when: on_success
 vagrant_ubuntu16-kube-router-sep:
  stage: deploy-part2
@@ -61,7 +55,7 @@ vagrant_ubuntu16-kube-router-svc-proxy:
  extends: .vagrant
  when: manual
-vagrant_fedora37-kube-router:
+vagrant_fedora35-kube-router:
  stage: deploy-part2
  extends: .vagrant
  when: on_success
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,20 +1,5 @@
 ---
 repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v3.4.0
    hooks:
      - id: check-added-large-files
      - id: check-case-conflict
      - id: check-executables-have-shebangs
      - id: check-xml
      - id: check-merge-conflict
      - id: detect-private-key
      - id: end-of-file-fixer
      - id: forbid-new-submodules
      - id: requirements-txt-fixer
      - id: trailing-whitespace
  - repo: https://github.com/adrienverge/yamllint.git
    rev: v1.27.1
    hooks:
@@ -28,14 +13,6 @@ repos:
        args: [ -r, "~MD013,~MD029" ]
        exclude: "^.git"
  - repo: https://github.com/jumanjihouse/pre-commit-hooks
    rev: 3.0.0
    hooks:
      - id: shellcheck
        args: [ --severity, "error" ]
        exclude: "^.git"
        files: "\\.sh$"
  - repo: local
    hooks:
      - id: ansible-lint
--- a/.yamllint
+++ b/.yamllint
@@ -3,8 +3,6 @@ extends: default
 ignore: |
  .git/
  # Generated file
  tests/files/custom_cni/cilium.yaml
 rules:
  braces:
--- a/2
+++ b/2
@@ -1 +1 @@
-kubespray.io
+kubespray.io
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -38,7 +38,7 @@ Vagrant with VirtualBox or libvirt driver helps you to quickly spin test cluster
 1. Submit an issue describing your proposed change to the repo in question.
 2. The [repo owners](OWNERS) will respond to your issue promptly.
 3. Fork the desired repo, develop and test your code changes.
-4. Install [pre-commit](https://pre-commit.com) and install it in your development repo.
+4. Install [pre-commit](https://pre-commit.com) and install it in your development repo).
 5. Addess any pre-commit validation failures.
 6. Sign the CNCF CLA (<https://git.k8s.io/community/CLA.md#the-contributor-license-agreement>)
 7. Submit a pull request.
--- a/73
+++ b/73
@@ -1,44 +1,37 @@
-# Use imutable image tags rather than mutable tags (like ubuntu:22.04)
+# Use imutable image tags rather than mutable tags (like ubuntu:20.04)
-FROM ubuntu:jammy-20230308
+FROM ubuntu:focal-20220531
 ARG ARCH=amd64
 ARG TZ=Etc/UTC
 RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
 RUN apt update -y \
    && apt install -y \
    libssl-dev python3-dev sshpass apt-transport-https jq moreutils \
    ca-certificates curl gnupg2 software-properties-common python3-pip unzip rsync git \
    && rm -rf /var/lib/apt/lists/*
 RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - \
    && add-apt-repository \
    "deb [arch=$ARCH] https://download.docker.com/linux/ubuntu \
    $(lsb_release -cs) \
    stable" \
    && apt update -y && apt-get install --no-install-recommends -y docker-ce \
    && rm -rf /var/lib/apt/lists/*
 # Some tools like yamllint need this
 # Pip needs this as well at the moment to install ansible
-# (and potentially other packages) 
+# (and potentially other packages)
 # See: https://github.com/pypa/pip/issues/10219
-ENV LANG=C.UTF-8 \
+ENV LANG=C.UTF-8
    DEBIAN_FRONTEND=noninteractive \
    PYTHONDONTWRITEBYTECODE=1
 WORKDIR /kubespray
 COPY *.yml ./
 COPY *.cfg ./
 COPY roles ./roles
 COPY contrib ./contrib
 COPY inventory ./inventory
 COPY library ./library
 COPY extra_playbooks ./extra_playbooks
 COPY playbooks ./playbooks
 COPY plugins ./plugins
-RUN apt update -q \
+WORKDIR /kubespray
-    && apt install -yq --no-install-recommends \
+COPY . .
-       curl \
+RUN /usr/bin/python3 -m pip install --no-cache-dir pip -U \
-       python3 \
+    && /usr/bin/python3 -m pip install --no-cache-dir -r tests/requirements.txt \
-       python3-pip \
+    && python3 -m pip install --no-cache-dir -r requirements.txt \
-       sshpass \
+    && update-alternatives --install /usr/bin/python python /usr/bin/python3 1
-       vim \
+
-       rsync \
+RUN KUBE_VERSION=$(sed -n 's/^kube_version: //p' roles/kubespray-defaults/defaults/main.yaml) \
-       openssh-client \
+    && curl -LO https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$ARCH/kubectl \
-    && pip install --no-compile --no-cache-dir \
+    && chmod a+x kubectl \
-       ansible==5.7.1 \
+    && mv kubectl /usr/local/bin/kubectl
       ansible-core==2.12.5 \
       cryptography==3.4.8 \
       jinja2==3.1.2 \
       netaddr==0.8.0 \
       jmespath==1.0.1 \
       MarkupSafe==2.1.2 \
       ruamel.yaml==0.17.21 \
    && KUBE_VERSION=$(sed -n 's/^kube_version: //p' roles/kubespray-defaults/defaults/main.yaml) \
    && curl -L https://dl.k8s.io/release/$KUBE_VERSION/bin/linux/$(dpkg --print-architecture)/kubectl -o /usr/local/bin/kubectl \
    && echo $(curl -L https://dl.k8s.io/release/$KUBE_VERSION/bin/linux/$(dpkg --print-architecture)/kubectl.sha256) /usr/local/bin/kubectl | sha256sum --check \
    && chmod a+x /usr/local/bin/kubectl \
    && rm -rf /var/lib/apt/lists/* /var/log/* \
    && find /usr -type d -name '*__pycache__' -prune -exec rm -rf {} \;
--- a/2
+++ b/2
@@ -187,7 +187,7 @@
      identification within third-party archives.
   Copyright 2016 Kubespray
-
+   
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at
--- a/2
+++ b/2
@@ -5,4 +5,4 @@ approvers:
 reviewers:
  - kubespray-reviewers
 emeritus_approvers:
-  - kubespray-emeritus_approvers
+  - kubespray-emeritus_approvers
--- a/7
+++ b/7
@@ -8,9 +8,6 @@ aliases:
    - floryut
    - oomichi
    - cristicalin
    - liupeng0518
    - yankay
    - mzaian
  kubespray-reviewers:
    - holmsten
    - bozzo
@@ -19,10 +16,6 @@ aliases:
    - jayonlau
    - cristicalin
    - liupeng0518
    - yankay
    - cyclinder
    - mzaian
    - mrfreezeex
  kubespray-emeritus_approvers:
    - riverzhang
    - atoms
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ You can get your invite [here](http://slack.k8s.io/)
 ## Quick Start
-Below are several ways to use Kubespray to deploy a Kubernetes cluster.
+To deploy the cluster you can use :
 ### Ansible
@@ -34,13 +34,6 @@ CONFIG_FILE=inventory/mycluster/hosts.yaml python3 contrib/inventory_builder/inv
 cat inventory/mycluster/group_vars/all/all.yml
 cat inventory/mycluster/group_vars/k8s_cluster/k8s-cluster.yml
 # Clean up old Kubernete cluster with Ansible Playbook - run the playbook as root
 # The option `--become` is required, as for example cleaning up SSL keys in /etc/,
 # uninstalling old packages and interacting with various systemd daemons.
 # Without --become the playbook will fail to run!
 # And be mind it will remove the current kubernetes cluster (if it's running)!
 ansible-playbook -i inventory/mycluster/hosts.yaml  --become --become-user=root reset.yml
 # Deploy Kubespray with Ansible Playbook - run the playbook as root
 # The option `--become` is required, as for example writing SSL keys in /etc/,
 # installing packages and interacting with various systemd daemons.
@@ -48,50 +41,34 @@ ansible-playbook -i inventory/mycluster/hosts.yaml  --become --become-user=root
 ansible-playbook -i inventory/mycluster/hosts.yaml  --become --become-user=root cluster.yml
 ```
-Note: When Ansible is already installed via system packages on the control node,
+Note: When Ansible is already installed via system packages on the control machine, other python packages installed via `sudo pip install -r requirements.txt` will go to a different directory tree (e.g. `/usr/local/lib/python2.7/dist-packages` on Ubuntu) from Ansible's (e.g. `/usr/lib/python2.7/dist-packages/ansible` still on Ubuntu).
-Python packages installed via `sudo pip install -r requirements.txt` will go to
+As a consequence, `ansible-playbook` command will fail with:
 a different directory tree (e.g. `/usr/local/lib/python2.7/dist-packages` on
 Ubuntu) from Ansible's (e.g. `/usr/lib/python2.7/dist-packages/ansible` still on
 Ubuntu). As a consequence, the `ansible-playbook` command will fail with:
 ```raw
 ERROR! no action detected in task. This often indicates a misspelled module name, or incorrect module path.
 ```
-This likely indicates that a task depends on a module present in ``requirements.txt``.
+probably pointing on a task depending on a module present in requirements.txt.
-One way of addressing this is to uninstall the system Ansible package then
+One way of solving this would be to uninstall the Ansible package and then, to install it via pip but it is not always possible.
-reinstall Ansible via ``pip``, but this not always possible and one must
+A workaround consists of setting `ANSIBLE_LIBRARY` and `ANSIBLE_MODULE_UTILS` environment variables respectively to the `ansible/modules` and `ansible/module_utils` subdirectories of pip packages installation location, which can be found in the Location field of the output of `pip show [package]` before executing `ansible-playbook`.
 take care regarding package versions.
 A workaround consists of setting the `ANSIBLE_LIBRARY`
 and `ANSIBLE_MODULE_UTILS` environment variables respectively to
 the `ansible/modules` and `ansible/module_utils` subdirectories of the ``pip``
 installation location, which is the ``Location`` shown by running
 `pip show [package]` before executing `ansible-playbook`.
-A simple way to ensure you get all the correct version of Ansible is to use
+A simple way to ensure you get all the correct version of Ansible is to use the [pre-built docker image from Quay](https://quay.io/repository/kubespray/kubespray?tab=tags).
-the [pre-built docker image from Quay](https://quay.io/repository/kubespray/kubespray?tab=tags).
+You will then need to use [bind mounts](https://docs.docker.com/storage/bind-mounts/) to get the inventory and ssh key into the container, like this:
 You will then need to use [bind mounts](https://docs.docker.com/storage/bind-mounts/)
 to access the inventory and SSH key in the container, like this:
 ```ShellSession
-git checkout v2.22.2
+docker pull quay.io/kubespray/kubespray:v2.19.0
 docker pull quay.io/kubespray/kubespray:v2.22.2
 docker run --rm -it --mount type=bind,source="$(pwd)"/inventory/sample,dst=/inventory \
  --mount type=bind,source="${HOME}"/.ssh/id_rsa,dst=/root/.ssh/id_rsa \
-  quay.io/kubespray/kubespray:v2.22.0 bash
+  quay.io/kubespray/kubespray:v2.19.0 bash
 # Inside the container you may now run the kubespray playbooks:
 ansible-playbook -i /inventory/inventory.ini --private-key /root/.ssh/id_rsa cluster.yml
 ```
 #### Collection
 See [here](docs/ansible_collection.md) if you wish to use this repository as an Ansible collection
 ### Vagrant
-For Vagrant we need to install Python dependencies for provisioning tasks.
+For Vagrant we need to install python dependencies for provisioning tasks.
-Check that ``Python`` and ``pip`` are installed:
+Check if Python and pip are installed:
 ```ShellSession
 python -V && pip -V
@@ -136,54 +113,52 @@ vagrant up
 - [Air-Gap installation](docs/offline-environment.md)
 - [NTP](docs/ntp.md)
 - [Hardening](docs/hardening.md)
 - [Mirror](docs/mirror.md)
 - [Roadmap](docs/roadmap.md)
 ## Supported Linux Distributions
 - **Flatcar Container Linux by Kinvolk**
- **Debian** Bullseye, Buster
+- **Debian** Bullseye, Buster, Jessie, Stretch
 - **Ubuntu** 16.04, 18.04, 20.04, 22.04
- **CentOS/RHEL** 7, [8, 9](docs/centos.md#centos-8)
+- **CentOS/RHEL** 7, [8](docs/centos.md#centos-8)
- **Fedora** 37, 38
+- **Fedora** 35, 36
 - **Fedora CoreOS** (see [fcos Note](docs/fcos.md))
 - **openSUSE** Leap 15.x/Tumbleweed
- **Oracle Linux** 7, [8, 9](docs/centos.md#centos-8)
+- **Oracle Linux** 7, [8](docs/centos.md#centos-8)
- **Alma Linux** [8, 9](docs/centos.md#centos-8)
+- **Alma Linux** [8](docs/centos.md#centos-8)
- **Rocky Linux** [8, 9](docs/centos.md#centos-8)
+- **Rocky Linux** [8](docs/centos.md#centos-8)
 - **Kylin Linux Advanced Server V10** (experimental: see [kylin linux notes](docs/kylinlinux.md))
 - **Amazon Linux 2** (experimental: see [amazon linux notes](docs/amazonlinux.md))
 - **UOS Linux** (experimental: see [uos linux notes](docs/uoslinux.md))
 - **openEuler** (experimental: see [openEuler notes](docs/openeuler.md))
 Note: Upstart/SysV init based OS types are not supported.
 ## Supported Components
 - Core
-  - [kubernetes](https://github.com/kubernetes/kubernetes) v1.26.13
+  - [kubernetes](https://github.com/kubernetes/kubernetes) v1.24.3
-  - [etcd](https://github.com/etcd-io/etcd) v3.5.6
+  - [etcd](https://github.com/etcd-io/etcd) v3.5.4
  - [docker](https://www.docker.com/) v20.10 (see note)
-  - [containerd](https://containerd.io/) v1.7.13
+  - [containerd](https://containerd.io/) v1.6.6
  - [cri-o](http://cri-o.io/) v1.24 (experimental: see [CRI-O Note](docs/cri-o.md). Only on fedora, ubuntu and centos based OS)
 - Network Plugin
-  - [cni-plugins](https://github.com/containernetworking/plugins) v1.2.0
+  - [cni-plugins](https://github.com/containernetworking/plugins) v1.1.1
-  - [calico](https://github.com/projectcalico/calico) v3.25.1
+  - [calico](https://github.com/projectcalico/calico) v3.23.3
-  - [cilium](https://github.com/cilium/cilium) v1.13.0
+  - [canal](https://github.com/projectcalico/canal) (given calico/flannel versions)
-  - [flannel](https://github.com/flannel-io/flannel) v0.21.4
+  - [cilium](https://github.com/cilium/cilium) v1.11.7
-  - [kube-ovn](https://github.com/alauda/kube-ovn) v1.10.7
+  - [flannel](https://github.com/flannel-io/flannel) v0.18.1
  - [kube-ovn](https://github.com/alauda/kube-ovn) v1.9.7
  - [kube-router](https://github.com/cloudnativelabs/kube-router) v1.5.1
-  - [multus](https://github.com/k8snetworkplumbingwg/multus-cni) v3.8
+  - [multus](https://github.com/intel/multus-cni) v3.8
  - [weave](https://github.com/weaveworks/weave) v2.8.1
-  - [kube-vip](https://github.com/kube-vip/kube-vip) v0.5.12
+  - [kube-vip](https://github.com/kube-vip/kube-vip) v0.4.2
 - Application
-  - [cert-manager](https://github.com/jetstack/cert-manager) v1.11.1
+  - [cert-manager](https://github.com/jetstack/cert-manager) v1.9.0
-  - [coredns](https://github.com/coredns/coredns) v1.9.3
+  - [coredns](https://github.com/coredns/coredns) v1.8.6
-  - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v1.7.1
+  - [ingress-nginx](https://github.com/kubernetes/ingress-nginx) v1.3.0
  - [krew](https://github.com/kubernetes-sigs/krew) v0.4.3
-  - [argocd](https://argoproj.github.io/) v2.7.2
+  - [argocd](https://argoproj.github.io/) v2.4.7
-  - [helm](https://helm.sh/) v3.12.0
+  - [helm](https://helm.sh/) v3.9.2
-  - [metallb](https://metallb.universe.tf/)  v0.13.9
+  - [metallb](https://metallb.universe.tf/)  v0.12.1
  - [registry](https://github.com/distribution/distribution) v2.8.1
 - Storage Plugin
  - [cephfs-provisioner](https://github.com/kubernetes-incubator/external-storage) v2.1.0-k8s1.11
@@ -192,29 +167,29 @@ Note: Upstart/SysV init based OS types are not supported.
  - [azure-csi-plugin](https://github.com/kubernetes-sigs/azuredisk-csi-driver) v1.10.0
  - [cinder-csi-plugin](https://github.com/kubernetes/cloud-provider-openstack/blob/master/docs/cinder-csi-plugin/using-cinder-csi-plugin.md) v1.22.0
  - [gcp-pd-csi-plugin](https://github.com/kubernetes-sigs/gcp-compute-persistent-disk-csi-driver) v1.4.0
-  - [local-path-provisioner](https://github.com/rancher/local-path-provisioner) v0.0.23
+  - [local-path-provisioner](https://github.com/rancher/local-path-provisioner) v0.0.22
-  - [local-volume-provisioner](https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner) v2.5.0
+  - [local-volume-provisioner](https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner) v2.4.0
 ## Container Runtime Notes
- Supported Docker versions are 18.09, 19.03 and 20.10. The *recommended* Docker version is 20.10. `Kubelet` might break on docker's non-standard version numbering (it no longer uses semantic versioning). To ensure auto-updates don't break your cluster look into e.g. the YUM  ``versionlock`` plugin or ``apt pin``).
+- The list of available docker version is 18.09, 19.03 and 20.10. The recommended docker version is 20.10. The kubelet might break on docker's non-standard version numbering (it no longer uses semantic versioning). To ensure auto-updates don't break your cluster look into e.g. yum versionlock plugin or apt pin).
 - The cri-o version should be aligned with the respective kubernetes version (i.e. kube_version=1.20.x, crio_version=1.20)
 ## Requirements
- **Minimum required version of Kubernetes is v1.24**
+- **Minimum required version of Kubernetes is v1.22**
 - **Ansible v2.11+, Jinja 2.11+ and python-netaddr is installed on the machine that will run Ansible commands**
 - The target servers must have **access to the Internet** in order to pull docker images. Otherwise, additional configuration is required (See [Offline Environment](docs/offline-environment.md))
 - The target servers are configured to allow **IPv4 forwarding**.
 - If using IPv6 for pods and services, the target servers are configured to allow **IPv6 forwarding**.
 - The **firewalls are not managed**, you'll need to implement your own rules the way you used to.
    in order to avoid any issue during deployment you should disable your firewall.
- If kubespray is run from non-root user account, correct privilege escalation method
+- If kubespray is ran from non-root user account, correct privilege escalation method
    should be configured in the target servers. Then the `ansible_become` flag
    or command parameters `--become or -b` should be specified.
 Hardware:
-These limits are safeguarded by Kubespray. Actual requirements for your workload can differ. For a sizing guide go to the [Building Large Clusters](https://kubernetes.io/docs/setup/cluster-large/#size-of-master-and-master-components) guide.
+These limits are safe guarded by Kubespray. Actual requirements for your workload can differ. For a sizing guide go to the [Building Large Clusters](https://kubernetes.io/docs/setup/cluster-large/#size-of-master-and-master-components) guide.
 - Master
  - Memory: 1500 MB
@@ -223,7 +198,7 @@ These limits are safeguarded by Kubespray. Actual requirements for your workload
 ## Network Plugins
-You can choose among ten network plugins. (default: `calico`, except Vagrant uses `flannel`)
+You can choose between 10 network plugins. (default: `calico`, except Vagrant uses `flannel`)
 - [flannel](docs/flannel.md): gre/vxlan (layer 2) networking.
@@ -232,6 +207,8 @@ You can choose among ten network plugins. (default: `calico`, except Vagrant use
    and overlay networks, with or without BGP. Calico uses the same engine to enforce network policy for hosts,
    pods, and (if using Istio and Envoy) applications at the service mesh layer.
 - [canal](https://github.com/projectcalico/canal): a composition of calico and flannel plugins.
 - [cilium](http://docs.cilium.io/en/latest/): layer 3/4 networking (as well as layer 7 to protect and secure application protocols), supports dynamic insertion of BPF bytecode into the Linux kernel to implement security services, networking and visibility logic.
 - [weave](docs/weave.md): Weave is a lightweight container overlay network that doesn't require an external K/V database cluster.
@@ -248,10 +225,7 @@ You can choose among ten network plugins. (default: `calico`, except Vagrant use
 - [multus](docs/multus.md): Multus is a meta CNI plugin that provides multiple network interface support to pods. For each interface Multus delegates CNI calls to secondary CNI plugins such as Calico, macvlan, etc.
- [custom_cni](roles/network-plugin/custom_cni/) : You can specify some manifests that will be applied to the clusters to bring you own CNI and use non-supported ones by Kubespray.
+The choice is defined with the variable `kube_network_plugin`. There is also an
  See `tests/files/custom_cni/README.md` and `tests/files/custom_cni/values.yaml`for an example with a CNI provided by a Helm Chart.
 The network plugin to use is defined by the variable `kube_network_plugin`. There is also an
 option to leverage built-in cloud provider networking instead.
 See also [Network checker](docs/netcheck.md).
@@ -272,11 +246,10 @@ See also [Network checker](docs/netcheck.md).
 - [Digital Rebar Provision](https://github.com/digitalrebar/provision/blob/v4/doc/integrations/ansible.rst)
 - [Terraform Contrib](https://github.com/kubernetes-sigs/kubespray/tree/master/contrib/terraform)
 - [Kubean](https://github.com/kubean-io/kubean)
 ## CI Tests
-[![Build graphs](https://gitlab.com/kargo-ci/kubernetes-sigs-kubespray/badges/master/pipeline.svg)](https://gitlab.com/kargo-ci/kubernetes-sigs-kubespray/-/pipelines)
+[![Build graphs](https://gitlab.com/kargo-ci/kubernetes-sigs-kubespray/badges/master/pipeline.svg)](https://gitlab.com/kargo-ci/kubernetes-sigs-kubespray/pipelines)
 CI/end-to-end tests sponsored by: [CNCF](https://cncf.io), [Equinix Metal](https://metal.equinix.com/), [OVHcloud](https://www.ovhcloud.com/), [ELASTX](https://elastx.se/).
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -60,7 +60,7 @@ release-notes --start-sha <The start commit-id> --end-sha <The end commit-id> --
 ```
 If the release note file(/tmp/kubespray-release-note) contains "### Uncategorized" pull requests, those pull requests don't have a valid kind label(`kind/feature`, etc.).
-It is necessary to put a valid label on each pull request and run the above release-notes command again to get a better release note
+It is necessary to put a valid label on each pull request and run the above release-notes command again to get a better release note)
 ## Container image creation
--- a/4
+++ b/4
@@ -9,7 +9,5 @@
 #
 # DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE
 # INSTRUCTIONS AT https://kubernetes.io/security/
 atoms
 mattymo
 floryut
 oomichi
 cristicalin
--- a/31
+++ b/31
@@ -29,9 +29,9 @@ SUPPORTED_OS = {
  "almalinux8"          => {box: "almalinux/8",                user: "vagrant"},
  "almalinux8-bento"    => {box: "bento/almalinux-8",          user: "vagrant"},
  "rockylinux8"         => {box: "generic/rocky8",             user: "vagrant"},
-  "fedora37"            => {box: "fedora/37-cloud-base",       user: "vagrant"},
+  "fedora35"            => {box: "fedora/35-cloud-base",       user: "vagrant"},
-  "fedora38"            => {box: "fedora/38-cloud-base",       user: "vagrant"},
+  "fedora36"            => {box: "fedora/36-cloud-base",       user: "vagrant"},
-  "opensuse"            => {box: "opensuse/Leap-15.4.x86_64",  user: "vagrant"},
+  "opensuse"            => {box: "opensuse/Leap-15.3.x86_64",  user: "vagrant"},
  "opensuse-tumbleweed" => {box: "opensuse/Tumbleweed.x86_64", user: "vagrant"},
  "oraclelinux"         => {box: "generic/oracle7",            user: "vagrant"},
  "oraclelinux8"        => {box: "generic/oracle8",            user: "vagrant"},
@@ -55,14 +55,14 @@ $subnet ||= "172.18.8"
 $subnet_ipv6 ||= "fd3c:b398:0698:0756"
 $os ||= "ubuntu1804"
 $network_plugin ||= "flannel"
-# Setting multi_networking to true will install Multus: https://github.com/k8snetworkplumbingwg/multus-cni
+# Setting multi_networking to true will install Multus: https://github.com/intel/multus-cni
 $multi_networking ||= "False"
 $download_run_once ||= "True"
 $download_force_cache ||= "False"
 # The first three nodes are etcd servers
-$etcd_instances ||= [$num_instances, 3].min
+$etcd_instances ||= $num_instances
 # The first two nodes are kube masters
-$kube_master_instances ||= [$num_instances, 2].min
+$kube_master_instances ||= $num_instances == 1 ? $num_instances : ($num_instances - 1)
 # All nodes are kube nodes
 $kube_node_instances ||= $num_instances
 # The following only works when using the libvirt provider
@@ -82,13 +82,6 @@ $playbook ||= "cluster.yml"
 host_vars = {}
 # throw error if os is not supported
 if ! SUPPORTED_OS.key?($os)
  puts "Unsupported OS: #{$os}"
  puts "Supported OS are: #{SUPPORTED_OS.keys.join(', ')}"
  exit 1
 end
 $box = SUPPORTED_OS[$os][:box]
 # if $inventory is not set, try to use example
 $inventory = "inventory/sample" if ! $inventory
@@ -208,8 +201,7 @@ Vagrant.configure("2") do |config|
      end
      ip = "#{$subnet}.#{i+100}"
-      node.vm.network :private_network,
+      node.vm.network :private_network, ip: ip,
        :ip => ip,
        :libvirt__guest_ipv6 => 'yes',
        :libvirt__ipv6_address => "#{$subnet_ipv6}::#{i+100}",
        :libvirt__ipv6_prefix => "64",
@@ -224,14 +216,6 @@ Vagrant.configure("2") do |config|
        node.vm.provision "shell", inline: "rm -f /etc/modprobe.d/local.conf"
        node.vm.provision "shell", inline: "sed -i '/net.ipv6.conf.all.disable_ipv6/d' /etc/sysctl.d/99-sysctl.conf /etc/sysctl.conf"
      end
      # Hack for fedora37/38 to get the IP address of the second interface
      if ["fedora37", "fedora38"].include? $os
        config.vm.provision "shell", inline: <<-SHELL
          nmcli conn modify 'Wired connection 2' ipv4.addresses $(cat /etc/sysconfig/network-scripts/ifcfg-eth1 | grep IPADDR | cut -d "=" -f2)
          nmcli conn modify 'Wired connection 2' ipv4.method manual
          service NetworkManager restart
        SHELL
      end
      # Disable firewalld on oraclelinux/redhat vms
      if ["oraclelinux","oraclelinux8","rhel7","rhel8"].include? $os
@@ -264,7 +248,6 @@ Vagrant.configure("2") do |config|
      if i == $num_instances
        node.vm.provision "ansible" do |ansible|
          ansible.playbook = $playbook
          ansible.compatibility_mode = "2.0"
          ansible.verbose = $ansible_verbosity
          $ansible_inventory_path = File.join( $inventory, "hosts.ini")
          if File.exist?($ansible_inventory_path)
--- a/playbooks/ansible_version.yml
+++ b/playbooks/ansible_version.yml
--- a/cluster.yml
+++ b/cluster.yml
@@ -1,3 +1,128 @@
 ---
- name: Install Kubernetes
+- name: Check ansible version
-  ansible.builtin.import_playbook: playbooks/cluster.yml
+  import_playbook: ansible_version.yml
 - name: Ensure compatibility with old groups
  import_playbook: legacy_groups.yml
 - hosts: bastion[0]
  gather_facts: False
  environment: "{{ proxy_disable_env }}"
  roles:
    - { role: kubespray-defaults }
    - { role: bastion-ssh-config, tags: ["localhost", "bastion"] }
 - hosts: k8s_cluster:etcd
  strategy: linear
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  gather_facts: false
  environment: "{{ proxy_disable_env }}"
  roles:
    - { role: kubespray-defaults }
    - { role: bootstrap-os, tags: bootstrap-os}
 - name: Gather facts
  tags: always
  import_playbook: facts.yml
 - hosts: k8s_cluster:etcd
  gather_facts: False
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  environment: "{{ proxy_disable_env }}"
  roles:
    - { role: kubespray-defaults }
    - { role: kubernetes/preinstall, tags: preinstall }
    - { role: "container-engine", tags: "container-engine", when: deploy_container_engine }
    - { role: download, tags: download, when: "not skip_downloads" }
 - hosts: etcd
  gather_facts: False
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  environment: "{{ proxy_disable_env }}"
  roles:
    - { role: kubespray-defaults }
    - role: etcd
      tags: etcd
      vars:
        etcd_cluster_setup: true
        etcd_events_cluster_setup: "{{ etcd_events_cluster_enabled }}"
      when: etcd_deployment_type != "kubeadm"
 - hosts: k8s_cluster
  gather_facts: False
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  environment: "{{ proxy_disable_env }}"
  roles:
    - { role: kubespray-defaults }
    - role: etcd
      tags: etcd
      vars:
        etcd_cluster_setup: false
        etcd_events_cluster_setup: false
      when: etcd_deployment_type != "kubeadm"
 - hosts: k8s_cluster
  gather_facts: False
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  environment: "{{ proxy_disable_env }}"
  roles:
    - { role: kubespray-defaults }
    - { role: kubernetes/node, tags: node }
 - hosts: kube_control_plane
  gather_facts: False
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  environment: "{{ proxy_disable_env }}"
  roles:
    - { role: kubespray-defaults }
    - { role: kubernetes/control-plane, tags: master }
    - { role: kubernetes/client, tags: client }
    - { role: kubernetes-apps/cluster_roles, tags: cluster-roles }
 - hosts: k8s_cluster
  gather_facts: False
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  environment: "{{ proxy_disable_env }}"
  roles:
    - { role: kubespray-defaults }
    - { role: kubernetes/kubeadm, tags: kubeadm}
    - { role: kubernetes/node-label, tags: node-label }
    - { role: network_plugin, tags: network }
 - hosts: calico_rr
  gather_facts: False
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  environment: "{{ proxy_disable_env }}"
  roles:
    - { role: kubespray-defaults }
    - { role: network_plugin/calico/rr, tags: ['network', 'calico_rr'] }
 - hosts: kube_control_plane[0]
  gather_facts: False
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  environment: "{{ proxy_disable_env }}"
  roles:
    - { role: kubespray-defaults }
    - { role: win_nodes/kubernetes_patch, tags: ["master", "win_nodes"] }
 - hosts: kube_control_plane
  gather_facts: False
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  environment: "{{ proxy_disable_env }}"
  roles:
    - { role: kubespray-defaults }
    - { role: kubernetes-apps/external_cloud_controller, tags: external-cloud-controller }
    - { role: kubernetes-apps/network_plugin, tags: network }
    - { role: kubernetes-apps/policy_controller, tags: policy-controller }
    - { role: kubernetes-apps/ingress_controller, tags: ingress-controller }
    - { role: kubernetes-apps/external_provisioner, tags: external-provisioner }
    - { role: kubernetes-apps, tags: apps }
 - name: Apply resolv.conf changes now that cluster DNS is up
  hosts: k8s_cluster
  gather_facts: False
  any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
  environment: "{{ proxy_disable_env }}"
  roles:
    - { role: kubespray-defaults }
    - { role: kubernetes/preinstall, when: "dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'", tags: resolvconf, dns_late: true }
--- a/contrib/aws_inventory/requirements.txt
+++ b/contrib/aws_inventory/requirements.txt
@@ -1 +1 @@
-boto3  # Apache-2.0
+boto3  # Apache-2.0
--- a/contrib/azurerm/.gitignore
+++ b/contrib/azurerm/.gitignore
@@ -1,2 +1,2 @@
 .generated
-/inventory
+/inventory
--- a/contrib/azurerm/roles/generate-inventory_2/templates/inventory.j2
+++ b/contrib/azurerm/roles/generate-inventory_2/templates/inventory.j2
@@ -31,3 +31,4 @@
 [k8s_cluster:children]
 kube_node
 kube_control_plane
--- a/contrib/azurerm/roles/generate-templates/templates/availability-sets.json
+++ b/contrib/azurerm/roles/generate-templates/templates/availability-sets.json
@@ -27,4 +27,4 @@
      }
    }
  ]
-}
+}
--- a/contrib/azurerm/roles/generate-templates/templates/bastion.json
+++ b/contrib/azurerm/roles/generate-templates/templates/bastion.json
@@ -103,4 +103,4 @@
    }
    {% endif %}
  ]
-}
+}
--- a/contrib/azurerm/roles/generate-templates/templates/clear-rg.json
+++ b/contrib/azurerm/roles/generate-templates/templates/clear-rg.json
@@ -5,4 +5,4 @@
  "variables": {},
  "resources": [],
  "outputs": {}
-}
+}
--- a/contrib/azurerm/roles/generate-templates/templates/storage.json
+++ b/contrib/azurerm/roles/generate-templates/templates/storage.json
@@ -16,4 +16,4 @@
      }
    }
  ]
-}
+}
--- a/contrib/dind/roles/dind-cluster/tasks/main.yaml
+++ b/contrib/dind/roles/dind-cluster/tasks/main.yaml
@@ -43,7 +43,7 @@
  package:
    name: "{{ item }}"
    state: present
-  with_items: "{{ distro_extra_packages + [ 'rsyslog', 'openssh-server' ] }}"
+  with_items: "{{ distro_extra_packages }} + [ 'rsyslog', 'openssh-server' ]"
 - name: Start needed services
  service:
--- a/contrib/inventory_builder/requirements.txt
+++ b/contrib/inventory_builder/requirements.txt
@@ -1,3 +1,3 @@
 configparser>=3.3.0
 ipaddress
 ruamel.yaml>=0.15.88
 ipaddress
--- a/contrib/inventory_builder/test-requirements.txt
+++ b/contrib/inventory_builder/test-requirements.txt
@@ -1,3 +1,3 @@
 hacking>=0.10.2
 mock>=1.3.0
 pytest>=2.8.0
 mock>=1.3.0
--- a/contrib/inventory_builder/tests/test_inventory.py
+++ b/contrib/inventory_builder/tests/test_inventory.py
@@ -13,7 +13,7 @@
 # under the License.
 import inventory
-from io import StringIO
+from test import support
 import unittest
 from unittest import mock
@@ -41,7 +41,7 @@ class TestInventoryPrintHostnames(unittest.TestCase):
                      'access_ip': '10.90.0.3'}}}})
        with mock.patch('builtins.open', mock_io):
            with self.assertRaises(SystemExit) as cm:
-                with mock.patch('sys.stdout', new_callable=StringIO) as stdout:
+                with support.captured_stdout() as stdout:
                    inventory.KubesprayInventory(
                        changed_hosts=["print_hostnames"],
                        config_file="file")
--- a/contrib/kvm-setup/group_vars/all
+++ b/contrib/kvm-setup/group_vars/all
@@ -1,2 +1,3 @@
 #k8s_deployment_user: kubespray
 #k8s_deployment_user_pkey_path: /tmp/ssh_rsa
--- a/contrib/network-storage/glusterfs/inventory.example
+++ b/contrib/network-storage/glusterfs/inventory.example
@@ -41,3 +41,4 @@
 # [network-storage:children]
 # gfs-cluster
--- a/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/templates/glusterfs-kubernetes-endpoint.json.j2
+++ b/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/templates/glusterfs-kubernetes-endpoint.json.j2
@@ -21,3 +21,4 @@
    {% endfor %}
  ]
 }
--- a/contrib/terraform/equinix/output.tf
+++ b/contrib/terraform/equinix/output.tf
@@ -1,15 +0,0 @@
 output "k8s_masters" {
  value = equinix_metal_device.k8s_master.*.access_public_ipv4
 }
 output "k8s_masters_no_etc" {
  value = equinix_metal_device.k8s_master_no_etcd.*.access_public_ipv4
 }
 output "k8s_etcds" {
  value = equinix_metal_device.k8s_etcd.*.access_public_ipv4
 }
 output "k8s_nodes" {
  value = equinix_metal_device.k8s_node.*.access_public_ipv4
 }
--- a/contrib/terraform/equinix/provider.tf
+++ b/contrib/terraform/equinix/provider.tf
@@ -1,17 +0,0 @@
 terraform {
  required_version = ">= 1.0.0"
  provider_meta "equinix" {
    module_name = "kubespray"
  }
  required_providers {
    equinix = {
      source  = "equinix/equinix"
      version = "~> 1.14"
    }
  }
 }
 # Configure the Equinix Metal Provider
 provider "equinix" {
 }
--- a/contrib/terraform/exoscale/default.tfvars
+++ b/contrib/terraform/exoscale/default.tfvars
@@ -12,7 +12,7 @@ ssh_public_keys = [
 machines = {
  "master-0" : {
    "node_type" : "master",
-    "size" : "standard.medium",
+    "size" : "Medium",
    "boot_disk" : {
      "image_name" : "Linux Ubuntu 20.04 LTS 64-bit",
      "root_partition_size" : 50,
@@ -22,7 +22,7 @@ machines = {
  },
  "worker-0" : {
    "node_type" : "worker",
-    "size" : "standard.large",
+    "size" : "Large",
    "boot_disk" : {
      "image_name" : "Linux Ubuntu 20.04 LTS 64-bit",
      "root_partition_size" : 50,
@@ -32,7 +32,7 @@ machines = {
  },
  "worker-1" : {
    "node_type" : "worker",
-    "size" : "standard.large",
+    "size" : "Large",
    "boot_disk" : {
      "image_name" : "Linux Ubuntu 20.04 LTS 64-bit",
      "root_partition_size" : 50,
@@ -42,7 +42,7 @@ machines = {
  },
  "worker-2" : {
    "node_type" : "worker",
-    "size" : "standard.large",
+    "size" : "Large",
    "boot_disk" : {
      "image_name" : "Linux Ubuntu 20.04 LTS 64-bit",
      "root_partition_size" : 50,
--- a/contrib/terraform/exoscale/main.tf
+++ b/contrib/terraform/exoscale/main.tf
@@ -3,8 +3,8 @@ provider "exoscale" {}
 module "kubernetes" {
  source = "./modules/kubernetes-cluster"
-  prefix   = var.prefix
+  prefix = var.prefix
-  zone     = var.zone
+
  machines = var.machines
  ssh_public_keys = var.ssh_public_keys
--- a/contrib/terraform/exoscale/modules/kubernetes-cluster/main.tf
+++ b/contrib/terraform/exoscale/modules/kubernetes-cluster/main.tf
@@ -1,25 +1,29 @@
-data "exoscale_template" "os_image" {
+data "exoscale_compute_template" "os_image" {
  for_each = var.machines
  zone = var.zone
  name = each.value.boot_disk.image_name
 }
-data "exoscale_compute_instance" "master_nodes" {
+data "exoscale_compute" "master_nodes" {
-  for_each = exoscale_compute_instance.master
+  for_each = exoscale_compute.master
-  id   = each.value.id
+  id = each.value.id
-  zone = var.zone
+
  # Since private IP address is not assigned until the nics are created we need this
  depends_on = [exoscale_nic.master_private_network_nic]
 }
-data "exoscale_compute_instance" "worker_nodes" {
+data "exoscale_compute" "worker_nodes" {
-  for_each = exoscale_compute_instance.worker
+  for_each = exoscale_compute.worker
-  id   = each.value.id
+  id = each.value.id
-  zone = var.zone
+
  # Since private IP address is not assigned until the nics are created we need this
  depends_on = [exoscale_nic.worker_private_network_nic]
 }
-resource "exoscale_private_network" "private_network" {
+resource "exoscale_network" "private_network" {
  zone = var.zone
  name = "${var.prefix}-network"
@@ -30,29 +34,25 @@ resource "exoscale_private_network" "private_network" {
  netmask = cidrnetmask(var.private_network_cidr)
 }
-resource "exoscale_compute_instance" "master" {
+resource "exoscale_compute" "master" {
  for_each = {
    for name, machine in var.machines :
    name => machine
    if machine.node_type == "master"
  }
-  name               = "${var.prefix}-${each.key}"
+  display_name    = "${var.prefix}-${each.key}"
-  template_id        = data.exoscale_template.os_image[each.key].id
+  template_id     = data.exoscale_compute_template.os_image[each.key].id
-  type               = each.value.size
+  size            = each.value.size
-  disk_size          = each.value.boot_disk.root_partition_size + each.value.boot_disk.node_local_partition_size + each.value.boot_disk.ceph_partition_size
+  disk_size       = each.value.boot_disk.root_partition_size + each.value.boot_disk.node_local_partition_size + each.value.boot_disk.ceph_partition_size
-  state              = "Running"
+  state           = "Running"
-  zone               = var.zone
+  zone            = var.zone
-  security_group_ids = [exoscale_security_group.master_sg.id]
+  security_groups = [exoscale_security_group.master_sg.name]
  network_interface {
    network_id = exoscale_private_network.private_network.id
  }
  elastic_ip_ids = [exoscale_elastic_ip.control_plane_lb.id]
  user_data = templatefile(
    "${path.module}/templates/cloud-init.tmpl",
    {
-      eip_ip_address            = exoscale_elastic_ip.ingress_controller_lb.ip_address
+      eip_ip_address            = exoscale_ipaddress.ingress_controller_lb.ip_address
      node_local_partition_size = each.value.boot_disk.node_local_partition_size
      ceph_partition_size       = each.value.boot_disk.ceph_partition_size
      root_partition_size       = each.value.boot_disk.root_partition_size
@@ -62,29 +62,25 @@ resource "exoscale_compute_instance" "master" {
  )
 }
-resource "exoscale_compute_instance" "worker" {
+resource "exoscale_compute" "worker" {
  for_each = {
    for name, machine in var.machines :
    name => machine
    if machine.node_type == "worker"
  }
-  name               = "${var.prefix}-${each.key}"
+  display_name    = "${var.prefix}-${each.key}"
-  template_id        = data.exoscale_template.os_image[each.key].id
+  template_id     = data.exoscale_compute_template.os_image[each.key].id
-  type               = each.value.size
+  size            = each.value.size
-  disk_size          = each.value.boot_disk.root_partition_size + each.value.boot_disk.node_local_partition_size + each.value.boot_disk.ceph_partition_size
+  disk_size       = each.value.boot_disk.root_partition_size + each.value.boot_disk.node_local_partition_size + each.value.boot_disk.ceph_partition_size
-  state              = "Running"
+  state           = "Running"
-  zone               = var.zone
+  zone            = var.zone
-  security_group_ids = [exoscale_security_group.worker_sg.id]
+  security_groups = [exoscale_security_group.worker_sg.name]
  network_interface {
    network_id = exoscale_private_network.private_network.id
  }
  elastic_ip_ids = [exoscale_elastic_ip.ingress_controller_lb.id]
  user_data = templatefile(
    "${path.module}/templates/cloud-init.tmpl",
    {
-      eip_ip_address            = exoscale_elastic_ip.ingress_controller_lb.ip_address
+      eip_ip_address            = exoscale_ipaddress.ingress_controller_lb.ip_address
      node_local_partition_size = each.value.boot_disk.node_local_partition_size
      ceph_partition_size       = each.value.boot_disk.ceph_partition_size
      root_partition_size       = each.value.boot_disk.root_partition_size
@@ -94,33 +90,41 @@ resource "exoscale_compute_instance" "worker" {
  )
 }
 resource "exoscale_nic" "master_private_network_nic" {
  for_each = exoscale_compute.master
  compute_id = each.value.id
  network_id = exoscale_network.private_network.id
 }
 resource "exoscale_nic" "worker_private_network_nic" {
  for_each = exoscale_compute.worker
  compute_id = each.value.id
  network_id = exoscale_network.private_network.id
 }
 resource "exoscale_security_group" "master_sg" {
  name        = "${var.prefix}-master-sg"
  description = "Security group for Kubernetes masters"
 }
-resource "exoscale_security_group_rule" "master_sg_rule_ssh" {
+resource "exoscale_security_group_rules" "master_sg_rules" {
  security_group_id = exoscale_security_group.master_sg.id
  for_each = toset(var.ssh_whitelist)
  # SSH
-  type       = "INGRESS"
+  ingress {
-  start_port = 22
+    protocol  = "TCP"
-  end_port   = 22
+    cidr_list = var.ssh_whitelist
-  protocol   = "TCP"
+    ports     = ["22"]
-  cidr       = each.value
+  }
 }
 resource "exoscale_security_group_rule" "master_sg_rule_k8s_api" {
  security_group_id = exoscale_security_group.master_sg.id
  for_each = toset(var.api_server_whitelist)
  # Kubernetes API
-  type       = "INGRESS"
+  ingress {
-  start_port = 6443
+    protocol  = "TCP"
-  end_port   = 6443
+    cidr_list = var.api_server_whitelist
-  protocol   = "TCP"
+    ports     = ["6443"]
-  cidr       = each.value
+  }
 }
 resource "exoscale_security_group" "worker_sg" {
@@ -128,64 +132,62 @@ resource "exoscale_security_group" "worker_sg" {
  description = "security group for kubernetes worker nodes"
 }
-resource "exoscale_security_group_rule" "worker_sg_rule_ssh" {
+resource "exoscale_security_group_rules" "worker_sg_rules" {
  security_group_id = exoscale_security_group.worker_sg.id
  # SSH
-  for_each   = toset(var.ssh_whitelist)
+  ingress {
-  type       = "INGRESS"
+    protocol  = "TCP"
-  start_port = 22
+    cidr_list = var.ssh_whitelist
-  end_port   = 22
+    ports     = ["22"]
-  protocol   = "TCP"
+  }
  cidr       = each.value
 }
 resource "exoscale_security_group_rule" "worker_sg_rule_http" {
  security_group_id = exoscale_security_group.worker_sg.id
  # HTTP(S)
-  for_each   = toset(["80", "443"])
+  ingress {
-  type       = "INGRESS"
+    protocol  = "TCP"
-  start_port = each.value
+    cidr_list = ["0.0.0.0/0"]
-  end_port   = each.value
+    ports     = ["80", "443"]
-  protocol   = "TCP"
+  }
  cidr       = "0.0.0.0/0"
 }
-
+  # Kubernetes Nodeport
-resource "exoscale_security_group_rule" "worker_sg_rule_nodeport" {
+  ingress {
-  security_group_id = exoscale_security_group.worker_sg.id
+    protocol  = "TCP"
-
+    cidr_list = var.nodeport_whitelist
-  # HTTP(S)
+    ports     = ["30000-32767"]
  for_each   = toset(var.nodeport_whitelist)
  type       = "INGRESS"
  start_port = 30000
  end_port   = 32767
  protocol   = "TCP"
  cidr       = each.value
 }
 resource "exoscale_elastic_ip" "ingress_controller_lb" {
  zone = var.zone
  healthcheck {
    mode         = "http"
    port         = 80
    uri          = "/healthz"
    interval     = 10
    timeout      = 2
    strikes_ok   = 2
    strikes_fail = 3
  }
 }
-resource "exoscale_elastic_ip" "control_plane_lb" {
+resource "exoscale_ipaddress" "ingress_controller_lb" {
-  zone = var.zone
+  zone                     = var.zone
-  healthcheck {
+  healthcheck_mode         = "http"
-    mode         = "tcp"
+  healthcheck_port         = 80
-    port         = 6443
+  healthcheck_path         = "/healthz"
-    interval     = 10
+  healthcheck_interval     = 10
-    timeout      = 2
+  healthcheck_timeout      = 2
-    strikes_ok   = 2
+  healthcheck_strikes_ok   = 2
-    strikes_fail = 3
+  healthcheck_strikes_fail = 3
-  }
+}
 resource "exoscale_secondary_ipaddress" "ingress_controller_lb" {
  for_each = exoscale_compute.worker
  compute_id = each.value.id
  ip_address = exoscale_ipaddress.ingress_controller_lb.ip_address
 }
 resource "exoscale_ipaddress" "control_plane_lb" {
  zone                     = var.zone
  healthcheck_mode         = "tcp"
  healthcheck_port         = 6443
  healthcheck_interval     = 10
  healthcheck_timeout      = 2
  healthcheck_strikes_ok   = 2
  healthcheck_strikes_fail = 3
 }
 resource "exoscale_secondary_ipaddress" "control_plane_lb" {
  for_each = exoscale_compute.master
  compute_id = each.value.id
  ip_address = exoscale_ipaddress.control_plane_lb.ip_address
 }
--- a/contrib/terraform/exoscale/modules/kubernetes-cluster/output.tf
+++ b/contrib/terraform/exoscale/modules/kubernetes-cluster/output.tf
@@ -1,19 +1,19 @@
 output "master_ip_addresses" {
  value = {
-    for key, instance in exoscale_compute_instance.master :
+    for key, instance in exoscale_compute.master :
    instance.name => {
-      "private_ip" = contains(keys(data.exoscale_compute_instance.master_nodes), key) ? data.exoscale_compute_instance.master_nodes[key].private_network_ip_addresses[0] : ""
+      "private_ip" = contains(keys(data.exoscale_compute.master_nodes), key) ? data.exoscale_compute.master_nodes[key].private_network_ip_addresses[0] : ""
-      "public_ip"  = exoscale_compute_instance.master[key].ip_address
+      "public_ip"  = exoscale_compute.master[key].ip_address
    }
  }
 }
 output "worker_ip_addresses" {
  value = {
-    for key, instance in exoscale_compute_instance.worker :
+    for key, instance in exoscale_compute.worker :
    instance.name => {
-      "private_ip" = contains(keys(data.exoscale_compute_instance.worker_nodes), key) ? data.exoscale_compute_instance.worker_nodes[key].private_network_ip_addresses[0] : ""
+      "private_ip" = contains(keys(data.exoscale_compute.worker_nodes), key) ? data.exoscale_compute.worker_nodes[key].private_network_ip_addresses[0] : ""
-      "public_ip"  = exoscale_compute_instance.worker[key].ip_address
+      "public_ip"  = exoscale_compute.worker[key].ip_address
    }
  }
 }
@@ -23,9 +23,9 @@ output "cluster_private_network_cidr" {
 }
 output "ingress_controller_lb_ip_address" {
-  value = exoscale_elastic_ip.ingress_controller_lb.ip_address
+  value = exoscale_ipaddress.ingress_controller_lb.ip_address
 }
 output "control_plane_lb_ip_address" {
-  value = exoscale_elastic_ip.control_plane_lb.ip_address
+  value = exoscale_ipaddress.control_plane_lb.ip_address
 }
--- a/contrib/terraform/exoscale/modules/kubernetes-cluster/versions.tf
+++ b/contrib/terraform/exoscale/modules/kubernetes-cluster/versions.tf
@@ -1,7 +1,7 @@
 terraform {
  required_providers {
    exoscale = {
-      source  = "exoscale/exoscale"
+      source = "exoscale/exoscale"
      version = ">= 0.21"
    }
  }
--- a/contrib/terraform/gcp/README.md
+++ b/contrib/terraform/gcp/README.md
@@ -75,11 +75,6 @@ ansible-playbook -i contrib/terraform/gcs/inventory.ini cluster.yml -b -v
 * `api_server_whitelist`: List of IP ranges (CIDR) that will be allowed to connect to the API server
 * `nodeport_whitelist`: List of IP ranges (CIDR) that will be allowed to connect to the kubernetes nodes on port 30000-32767 (kubernetes nodeports)
 * `ingress_whitelist`: List of IP ranges (CIDR) that will be allowed to connect to ingress on ports 80 and 443
 * `extra_ingress_firewalls`: Additional ingress firewall rules. Key will be used as the name of the rule
  * `source_ranges`: List of IP ranges (CIDR). Example: `["8.8.8.8"]`
  * `protocol`: Protocol. Example `"tcp"`
  * `ports`: List of ports, as string. Example `["53"]`
  * `target_tags`: List of target tag (either the machine name or `control-plane` or `worker`). Example: `["control-plane", "worker-0"]`
 ### Optional
--- a/contrib/terraform/gcp/main.tf
+++ b/contrib/terraform/gcp/main.tf
@@ -34,6 +34,4 @@ module "kubernetes" {
  api_server_whitelist = var.api_server_whitelist
  nodeport_whitelist   = var.nodeport_whitelist
  ingress_whitelist    = var.ingress_whitelist
  extra_ingress_firewalls = var.extra_ingress_firewalls
 }
--- a/contrib/terraform/gcp/modules/kubernetes-cluster/main.tf
+++ b/contrib/terraform/gcp/modules/kubernetes-cluster/main.tf
@@ -219,7 +219,7 @@ resource "google_compute_instance" "master" {
  machine_type = each.value.size
  zone         = each.value.zone
-  tags = ["control-plane", "master", each.key]
+  tags = ["master"]
  boot_disk {
    initialize_params {
@@ -325,7 +325,7 @@ resource "google_compute_instance" "worker" {
  machine_type = each.value.size
  zone         = each.value.zone
-  tags = ["worker", each.key]
+  tags = ["worker"]
  boot_disk {
    initialize_params {
@@ -398,24 +398,3 @@ resource "google_compute_target_pool" "worker_lb" {
  name      = "${var.prefix}-worker-lb-pool"
  instances = local.worker_target_list
 }
 resource "google_compute_firewall" "extra_ingress_firewall" {
  for_each = {
    for name, firewall in var.extra_ingress_firewalls :
    name => firewall
  }
  name    = "${var.prefix}-${each.key}-ingress"
  network = google_compute_network.main.name
  priority = 100
  source_ranges = each.value.source_ranges
  target_tags = each.value.target_tags
  allow {
    protocol = each.value.protocol
    ports    = each.value.ports
  }
 }
--- a/contrib/terraform/gcp/modules/kubernetes-cluster/variables.tf
+++ b/contrib/terraform/gcp/modules/kubernetes-cluster/variables.tf
@@ -14,7 +14,7 @@ variable "machines" {
    }))
    boot_disk = object({
      image_name = string
-      size       = number
+      size = number
    })
  }))
 }
@@ -73,14 +73,3 @@ variable "ingress_whitelist" {
 variable "private_network_cidr" {
  default = "10.0.10.0/24"
 }
 variable "extra_ingress_firewalls" {
  type = map(object({
    source_ranges = set(string)
    protocol      = string
    ports         = list(string)
    target_tags   = set(string)
  }))
  default = {}
 }
--- a/contrib/terraform/gcp/variables.tf
+++ b/contrib/terraform/gcp/variables.tf
@@ -95,14 +95,3 @@ variable "ingress_whitelist" {
  type = list(string)
  default = ["0.0.0.0/0"]
 }
 variable "extra_ingress_firewalls" {
  type = map(object({
    source_ranges = set(string)
    protocol      = string
    ports         = list(string)
    target_tags   = set(string)
  }))
  default = {}
 }
--- a/contrib/terraform/hetzner/README.md
+++ b/contrib/terraform/hetzner/README.md
@@ -56,24 +56,11 @@ cd inventory/$CLUSTER
 Edit `default.tfvars` to match your requirement.
 Flatcar Container Linux instead of the basic Hetzner Images.
 ```bash
 cd ../../contrib/terraform/hetzner
 ```
 Edit `main.tf` and reactivate the module `source = "./modules/kubernetes-cluster-flatcar"`and
 comment out the `#source = "./modules/kubernetes-cluster"`.
 activate `ssh_private_key_path = var.ssh_private_key_path`. The VM boots into
 Rescue-Mode with the selected image of the `var.machines` but installs Flatcar instead.
 Run Terraform to create the infrastructure.
 ```bash
-cd ./kubespray
+terraform init ../../contrib/terraform/hetzner
-terraform -chdir=./contrib/terraform/hetzner/ init
+terraform apply --var-file default.tfvars ../../contrib/terraform/hetzner/
 terraform -chdir=./contrib/terraform/hetzner/ apply --var-file=../../../inventory/$CLUSTER/default.tfvars
 ```
 You should now have a inventory file named `inventory.ini` that you can use with kubespray.
--- a/contrib/terraform/hetzner/default.tfvars
+++ b/contrib/terraform/hetzner/default.tfvars
@@ -1,6 +1,6 @@
-prefix         = "default"
+prefix = "default"
-zone           = "hel1"
+zone   = "hel1"
-network_zone   = "eu-central"
+network_zone = "eu-central"
 inventory_file = "inventory.ini"
 ssh_public_keys = [
@@ -9,23 +9,21 @@ ssh_public_keys = [
  "ssh-rsa I-did-not-read-the-docs 2",
 ]
 ssh_private_key_path = "~/.ssh/id_rsa"
 machines = {
  "master-0" : {
    "node_type" : "master",
    "size" : "cx21",
-    "image" : "ubuntu-22.04",
+    "image" : "ubuntu-20.04",
  },
  "worker-0" : {
    "node_type" : "worker",
    "size" : "cx21",
-    "image" : "ubuntu-22.04",
+    "image" : "ubuntu-20.04",
  },
  "worker-1" : {
    "node_type" : "worker",
    "size" : "cx21",
-    "image" : "ubuntu-22.04",
+    "image" : "ubuntu-20.04",
  }
 }
--- a/contrib/terraform/hetzner/main.tf
+++ b/contrib/terraform/hetzner/main.tf
@@ -2,7 +2,6 @@ provider "hcloud" {}
 module "kubernetes" {
  source = "./modules/kubernetes-cluster"
  # source = "./modules/kubernetes-cluster-flatcar"
  prefix = var.prefix
@@ -10,11 +9,8 @@ module "kubernetes" {
  machines = var.machines
  #only for flatcar
  #ssh_private_key_path = var.ssh_private_key_path
  ssh_public_keys = var.ssh_public_keys
-  network_zone    = var.network_zone
+  network_zone = var.network_zone
  ssh_whitelist        = var.ssh_whitelist
  api_server_whitelist = var.api_server_whitelist
@@ -26,32 +22,31 @@ module "kubernetes" {
 # Generate ansible inventory
 #
-locals {
+data "template_file" "inventory" {
-  inventory = templatefile(
+  template = file("${path.module}/templates/inventory.tpl")
-    "${path.module}/templates/inventory.tpl",
+
-    {
+  vars = {
-      connection_strings_master = join("\n", formatlist("%s ansible_user=ubuntu ansible_host=%s ip=%s etcd_member_name=etcd%d",
+    connection_strings_master = join("\n", formatlist("%s ansible_user=ubuntu ansible_host=%s ip=%s etcd_member_name=etcd%d",
-        keys(module.kubernetes.master_ip_addresses),
+      keys(module.kubernetes.master_ip_addresses),
-        values(module.kubernetes.master_ip_addresses).*.public_ip,
+      values(module.kubernetes.master_ip_addresses).*.public_ip,
-        values(module.kubernetes.master_ip_addresses).*.private_ip,
+      values(module.kubernetes.master_ip_addresses).*.private_ip,
-      range(1, length(module.kubernetes.master_ip_addresses) + 1)))
+    range(1, length(module.kubernetes.master_ip_addresses) + 1)))
-      connection_strings_worker = join("\n", formatlist("%s ansible_user=ubuntu ansible_host=%s ip=%s",
+    connection_strings_worker = join("\n", formatlist("%s ansible_user=ubuntu ansible_host=%s ip=%s",
-        keys(module.kubernetes.worker_ip_addresses),
+      keys(module.kubernetes.worker_ip_addresses),
-        values(module.kubernetes.worker_ip_addresses).*.public_ip,
+      values(module.kubernetes.worker_ip_addresses).*.public_ip,
-      values(module.kubernetes.worker_ip_addresses).*.private_ip))
+    values(module.kubernetes.worker_ip_addresses).*.private_ip))
-      list_master = join("\n", keys(module.kubernetes.master_ip_addresses))
+    list_master = join("\n", keys(module.kubernetes.master_ip_addresses))
-      list_worker = join("\n", keys(module.kubernetes.worker_ip_addresses))
+    list_worker = join("\n", keys(module.kubernetes.worker_ip_addresses))
-      network_id  = module.kubernetes.network_id
+    network_id = module.kubernetes.network_id
-    }
+  }
  )
 }
 resource "null_resource" "inventories" {
  provisioner "local-exec" {
-    command = "echo '${local.inventory}' > ${var.inventory_file}"
+    command = "echo '${data.template_file.inventory.rendered}' > ${var.inventory_file}"
  }
  triggers = {
-    template = local.inventory
+    template = data.template_file.inventory.rendered
  }
 }
--- a/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/main.tf
+++ b/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/main.tf
@@ -1,144 +0,0 @@
 resource "hcloud_network" "kubernetes" {
  name     = "${var.prefix}-network"
  ip_range = var.private_network_cidr
 }
 resource "hcloud_network_subnet" "kubernetes" {
  type         = "cloud"
  network_id   = hcloud_network.kubernetes.id
  network_zone = var.network_zone
  ip_range     = var.private_subnet_cidr
 }
 resource "hcloud_ssh_key" "first" {
  name       = var.prefix
  public_key = var.ssh_public_keys.0
 }
 resource "hcloud_server" "machine" {
  for_each = {
    for name, machine in var.machines :
    name => machine
  }
  name     = "${var.prefix}-${each.key}"
  ssh_keys = [hcloud_ssh_key.first.id]
  # boot into rescue OS
  rescue = "linux64"
  # dummy value for the OS because Flatcar is not available
  image       = each.value.image
  server_type = each.value.size
  location    = var.zone
  connection {
    host        = self.ipv4_address
    timeout     = "5m"
    private_key = file(var.ssh_private_key_path)
  }
  firewall_ids = each.value.node_type == "master" ? [hcloud_firewall.master.id] : [hcloud_firewall.worker.id]
  provisioner "file" {
    content     = data.ct_config.machine-ignitions[each.key].rendered
    destination = "/root/ignition.json"
  }
  provisioner "remote-exec" {
    inline = [
      "set -ex",
      "apt update",
      "apt install -y gawk",
      "curl -fsSLO --retry-delay 1 --retry 60 --retry-connrefused --retry-max-time 60 --connect-timeout 20 https://raw.githubusercontent.com/flatcar/init/flatcar-master/bin/flatcar-install",
      "chmod +x flatcar-install",
      "./flatcar-install -s -i /root/ignition.json -C stable",
      "shutdown -r +1",
    ]
  }
  # optional:
  provisioner "remote-exec" {
    connection {
      host        = self.ipv4_address
      private_key = file(var.ssh_private_key_path)
      timeout     = "3m"
      user        = var.user_flatcar
    }
    inline = [
      "sudo hostnamectl set-hostname ${self.name}",
    ]
  }
 }
 resource "hcloud_server_network" "machine" {
  for_each = {
    for name, machine in var.machines :
    name => hcloud_server.machine[name]
  }
  server_id = each.value.id
  subnet_id = hcloud_network_subnet.kubernetes.id
 }
 data "ct_config" "machine-ignitions" {
  for_each = {
    for name, machine in var.machines :
    name => machine
  }
  strict = false
  content = templatefile(
    "${path.module}/templates/machine.yaml.tmpl",
    {
      ssh_keys     = jsonencode(var.ssh_public_keys)
      user_flatcar = var.user_flatcar
      name         = each.key
    }
  )
 }
 resource "hcloud_firewall" "master" {
  name = "${var.prefix}-master-firewall"
  rule {
    direction  = "in"
    protocol   = "tcp"
    port       = "22"
    source_ips = var.ssh_whitelist
  }
  rule {
    direction  = "in"
    protocol   = "tcp"
    port       = "6443"
    source_ips = var.api_server_whitelist
  }
 }
 resource "hcloud_firewall" "worker" {
  name = "${var.prefix}-worker-firewall"
  rule {
    direction  = "in"
    protocol   = "tcp"
    port       = "22"
    source_ips = var.ssh_whitelist
  }
  rule {
    direction  = "in"
    protocol   = "tcp"
    port       = "80"
    source_ips = var.ingress_whitelist
  }
  rule {
    direction  = "in"
    protocol   = "tcp"
    port       = "443"
    source_ips = var.ingress_whitelist
  }
  rule {
    direction  = "in"
    protocol   = "tcp"
    port       = "30000-32767"
    source_ips = var.nodeport_whitelist
  }
 }
--- a/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/outputs.tf
+++ b/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/outputs.tf
@@ -1,29 +0,0 @@
 output "master_ip_addresses" {
  value = {
    for name, machine in var.machines :
      name => {
        "private_ip" = hcloud_server_network.machine[name].ip
        "public_ip"  = hcloud_server.machine[name].ipv4_address
      }
      if machine.node_type == "master"
  }
 }
 output "worker_ip_addresses" {
  value = {
    for name, machine in var.machines :
      name => {
        "private_ip" = hcloud_server_network.machine[name].ip
        "public_ip"  = hcloud_server.machine[name].ipv4_address
      }
      if machine.node_type == "worker"
  }
 }
 output "cluster_private_network_cidr" {
  value = var.private_subnet_cidr
 }
 output "network_id" {
  value = hcloud_network.kubernetes.id
 }
--- a/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/templates/machine.yaml.tmpl
+++ b/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/templates/machine.yaml.tmpl
@@ -1,19 +0,0 @@
 variant: flatcar
 version: 1.0.0
 passwd:
  users:
    - name: ${user_flatcar}
      ssh_authorized_keys: ${ssh_keys}
 storage:
  files:
    - path: /home/core/works
      filesystem: root
      mode: 0755
      contents:
        inline: |
          #!/bin/bash
          set -euo pipefail
          hostname="$(hostname)"
          echo My name is ${name} and the hostname is $${hostname}
--- a/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/variables.tf
+++ b/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/variables.tf
@@ -1,60 +0,0 @@
 variable "zone" {
  type    = string
  default = "fsn1"
 }
 variable "prefix" {
  default = "k8s"
 }
 variable "user_flatcar" {
  type    = string
  default = "core"
 }
 variable "machines" {
  type = map(object({
    node_type = string
    size      = string
    image     = string
  }))
 }
 variable "ssh_public_keys" {
  type = list(string)
 }
 variable "ssh_private_key_path" {
  type    = string
  default = "~/.ssh/id_rsa"
 }
 variable "ssh_whitelist" {
  type = list(string)
 }
 variable "api_server_whitelist" {
  type = list(string)
 }
 variable "nodeport_whitelist" {
  type = list(string)
 }
 variable "ingress_whitelist" {
  type = list(string)
 }
 variable "private_network_cidr" {
  default = "10.0.0.0/16"
 }
 variable "private_subnet_cidr" {
  default = "10.0.10.0/24"
 }
 variable "network_zone" {
  default = "eu-central"
 }
--- a/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/versions.tf
+++ b/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/versions.tf
@@ -1,14 +0,0 @@
 terraform {
  required_providers {
    hcloud = {
      source = "hetznercloud/hcloud"
    }
    ct = {
      source  = "poseidon/ct"
      version = "0.11.0"
    }
    null = {
      source = "hashicorp/null"
    }
  }
 }
--- a/contrib/terraform/hetzner/modules/kubernetes-cluster/main.tf
+++ b/contrib/terraform/hetzner/modules/kubernetes-cluster/main.tf
@@ -75,17 +75,17 @@ resource "hcloud_firewall" "master" {
  name = "${var.prefix}-master-firewall"
  rule {
-    direction  = "in"
+   direction = "in"
-    protocol   = "tcp"
+   protocol = "tcp"
-    port       = "22"
+   port = "22"
-    source_ips = var.ssh_whitelist
+   source_ips = var.ssh_whitelist
  }
  rule {
-    direction  = "in"
+   direction = "in"
-    protocol   = "tcp"
+   protocol = "tcp"
-    port       = "6443"
+   port = "6443"
-    source_ips = var.api_server_whitelist
+   source_ips = var.api_server_whitelist
  }
 }
@@ -93,30 +93,30 @@ resource "hcloud_firewall" "worker" {
  name = "${var.prefix}-worker-firewall"
  rule {
-    direction  = "in"
+   direction = "in"
-    protocol   = "tcp"
+   protocol = "tcp"
-    port       = "22"
+   port = "22"
-    source_ips = var.ssh_whitelist
+   source_ips = var.ssh_whitelist
  }
  rule {
-    direction  = "in"
+   direction = "in"
-    protocol   = "tcp"
+   protocol = "tcp"
-    port       = "80"
+   port = "80"
-    source_ips = var.ingress_whitelist
+   source_ips = var.ingress_whitelist
  }
  rule {
-    direction  = "in"
+   direction = "in"
-    protocol   = "tcp"
+   protocol = "tcp"
-    port       = "443"
+   port = "443"
-    source_ips = var.ingress_whitelist
+   source_ips = var.ingress_whitelist
  }
  rule {
-    direction  = "in"
+   direction = "in"
-    protocol   = "tcp"
+   protocol = "tcp"
-    port       = "30000-32767"
+   port = "30000-32767"
-    source_ips = var.nodeport_whitelist
+   source_ips = var.nodeport_whitelist
  }
 }
--- a/contrib/terraform/hetzner/modules/kubernetes-cluster/output.tf
+++ b/contrib/terraform/hetzner/modules/kubernetes-cluster/output.tf
@@ -24,4 +24,4 @@ output "cluster_private_network_cidr" {
 output "network_id" {
  value = hcloud_network.kubernetes.id
-}
+}
--- a/contrib/terraform/hetzner/modules/kubernetes-cluster/templates/cloud-init.tmpl
+++ b/contrib/terraform/hetzner/modules/kubernetes-cluster/templates/cloud-init.tmpl
@@ -14,3 +14,4 @@ ssh_authorized_keys:
 %{ for ssh_public_key in ssh_public_keys ~}
  - ${ssh_public_key}
 %{ endfor ~}
--- a/contrib/terraform/hetzner/modules/kubernetes-cluster/versions.tf
+++ b/contrib/terraform/hetzner/modules/kubernetes-cluster/versions.tf
@@ -1,8 +1,8 @@
 terraform {
  required_providers {
    hcloud = {
-      source  = "hetznercloud/hcloud"
+      source = "hetznercloud/hcloud"
-      version = "1.38.2"
+      version = "1.31.1"
    }
  }
  required_version = ">= 0.14"
--- a/contrib/terraform/hetzner/sample-inventory/cluster.tfvars
+++ b/contrib/terraform/hetzner/sample-inventory/cluster.tfvars
@@ -1,46 +0,0 @@
 prefix         = "default"
 zone           = "hel1"
 network_zone   = "eu-central"
 inventory_file = "inventory.ini"
 ssh_public_keys = [
  # Put your public SSH key here
  "ssh-rsa I-did-not-read-the-docs",
  "ssh-rsa I-did-not-read-the-docs 2",
 ]
 ssh_private_key_path = "~/.ssh/id_rsa"
 machines = {
  "master-0" : {
    "node_type" : "master",
    "size" : "cx21",
    "image" : "ubuntu-22.04",
  },
  "worker-0" : {
    "node_type" : "worker",
    "size" : "cx21",
    "image" : "ubuntu-22.04",
  },
  "worker-1" : {
    "node_type" : "worker",
    "size" : "cx21",
    "image" : "ubuntu-22.04",
  }
 }
 nodeport_whitelist = [
  "0.0.0.0/0"
 ]
 ingress_whitelist = [
  "0.0.0.0/0"
 ]
 ssh_whitelist = [
  "0.0.0.0/0"
 ]
 api_server_whitelist = [
  "0.0.0.0/0"
 ]
--- a/contrib/terraform/hetzner/sample-inventory/group_vars
+++ b/contrib/terraform/hetzner/sample-inventory/group_vars
@@ -1 +0,0 @@
 ../../../../inventory/sample/group_vars
--- a/contrib/terraform/hetzner/templates/inventory.tpl
+++ b/contrib/terraform/hetzner/templates/inventory.tpl
@@ -2,18 +2,18 @@
 ${connection_strings_master}
 ${connection_strings_worker}
-[kube_control_plane]
+[kube-master]
 ${list_master}
 [etcd]
 ${list_master}
-[kube_node]
+[kube-node]
 ${list_worker}
-[k8s_cluster:children]
+[k8s-cluster:children]
 kube-master
 kube-node
-[k8s_cluster:vars]
+[k8s-cluster:vars]
 network_id=${network_id}
--- a/contrib/terraform/hetzner/variables.tf
+++ b/contrib/terraform/hetzner/variables.tf
@@ -3,7 +3,7 @@ variable "zone" {
 }
 variable "network_zone" {
  description = "The network zone where the cluster is running"
-  default     = "eu-central"
+  default = "eu-central"
 }
 variable "prefix" {
@@ -25,12 +25,6 @@ variable "ssh_public_keys" {
  type        = list(string)
 }
 variable "ssh_private_key_path" {
  description = "Private SSH key which connect to the VMs."
  type        = string
  default     = "~/.ssh/id_rsa"
 }
 variable "ssh_whitelist" {
  description = "List of IP ranges (CIDR) to whitelist for ssh"
  type        = list(string)
--- a/contrib/terraform/hetzner/versions.tf
+++ b/contrib/terraform/hetzner/versions.tf
@@ -2,11 +2,14 @@ terraform {
  required_providers {
    hcloud = {
      source  = "hetznercloud/hcloud"
-      version = "1.38.2"
+      version = "1.31.1"
    }
    null = {
      source = "hashicorp/null"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
 }
--- a/contrib/terraform/equinix/README.md
+++ b/contrib/terraform/equinix/README.md
@@ -12,7 +12,7 @@ This will install a Kubernetes cluster on Equinix Metal. It should work in all l
 The terraform configuration inspects variables found in
 [variables.tf](variables.tf) to create resources in your Equinix Metal project.
 There is a [python script](../terraform.py) that reads the generated`.tfstate`
-file to generate a dynamic inventory that is consumed by [cluster.yml](../../../cluster.yml)
+file to generate a dynamic inventory that is consumed by [cluster.yml](../../..//cluster.yml)
 to actually install Kubernetes with Kubespray.
 ### Kubernetes Nodes
@@ -60,16 +60,16 @@ Terraform will be used to provision all of the Equinix Metal resources with base
 Create an inventory directory for your cluster by copying the existing sample and linking the `hosts` script (used to build the inventory based on Terraform state):
 ```ShellSession
-cp -LRp contrib/terraform/equinix/sample-inventory inventory/$CLUSTER
+cp -LRp contrib/terraform/metal/sample-inventory inventory/$CLUSTER
 cd inventory/$CLUSTER
-ln -s ../../contrib/terraform/equinix/hosts
+ln -s ../../contrib/terraform/metal/hosts
 ```
 This will be the base for subsequent Terraform commands.
 #### Equinix Metal API access
-Your Equinix Metal API key must be available in the `METAL_AUTH_TOKEN` environment variable.
+Your Equinix Metal API key must be available in the `PACKET_AUTH_TOKEN` environment variable.
 This key is typically stored outside of the code repo since it is considered secret.
 If someone gets this key, they can startup/shutdown hosts in your project!
@@ -80,12 +80,10 @@ The Equinix Metal Project ID associated with the key will be set later in `clust
 For more information about the API, please see [Equinix Metal API](https://metal.equinix.com/developers/api/).
 For more information about terraform provider authentication, please see [the equinix provider documentation](https://registry.terraform.io/providers/equinix/equinix/latest/docs).
 Example:
 ```ShellSession
-export METAL_AUTH_TOKEN="Example-API-Token"
+export PACKET_AUTH_TOKEN="Example-API-Token"
 ```
 Note that to deploy several clusters within the same project you need to use [terraform workspace](https://www.terraform.io/docs/state/workspaces.html#using-workspaces).
@@ -103,7 +101,7 @@ This helps when identifying which hosts are associated with each cluster.
 While the defaults in variables.tf will successfully deploy a cluster, it is recommended to set the following values:
 - cluster_name = the name of the inventory directory created above as $CLUSTER
- equinix_metal_project_id = the Equinix Metal Project ID associated with the Equinix Metal API token above
+- metal_project_id = the Equinix Metal Project ID associated with the Equinix Metal API token above
 #### Enable localhost access
@@ -121,13 +119,12 @@ Once the Kubespray playbooks are run, a Kubernetes configuration file will be wr
 In the cluster's inventory folder, the following files might be created (either by Terraform
 or manually), to prevent you from pushing them accidentally they are in a
-`.gitignore` file in the `contrib/terraform/equinix` directory :
+`.gitignore` file in the `terraform/metal` directory :
 - `.terraform`
 - `.tfvars`
 - `.tfstate`
 - `.tfstate.backup`
 - `.lock.hcl`
 You can still add them manually if you want to.
@@ -138,7 +135,7 @@ plugins. This is accomplished as follows:
 ```ShellSession
 cd inventory/$CLUSTER
-terraform -chdir=../../contrib/terraform/metal init -var-file=cluster.tfvars
+terraform init ../../contrib/terraform/metal
 ```
 This should finish fairly quickly telling you Terraform has successfully initialized and loaded necessary modules.
@@ -149,7 +146,7 @@ You can apply the Terraform configuration to your cluster with the following com
 issued from your cluster's inventory directory (`inventory/$CLUSTER`):
 ```ShellSession
-terraform -chdir=../../contrib/terraform/equinix apply -var-file=cluster.tfvars
+terraform apply -var-file=cluster.tfvars ../../contrib/terraform/metal
 export ANSIBLE_HOST_KEY_CHECKING=False
 ansible-playbook -i hosts ../../cluster.yml
 ```
@@ -159,7 +156,7 @@ ansible-playbook -i hosts ../../cluster.yml
 You can destroy your new cluster with the following command issued from the cluster's inventory directory:
 ```ShellSession
-terraform -chdir=../../contrib/terraform/equinix destroy -var-file=cluster.tfvars
+terraform destroy -var-file=cluster.tfvars ../../contrib/terraform/metal
 ```
 If you've started the Ansible run, it may also be a good idea to do some manual cleanup:
--- a/contrib/terraform/equinix/hosts
+++ b/contrib/terraform/equinix/hosts
--- a/contrib/terraform/equinix/kubespray.tf
+++ b/contrib/terraform/equinix/kubespray.tf
@@ -1,57 +1,62 @@
-resource "equinix_metal_ssh_key" "k8s" {
+# Configure the Equinix Metal Provider
 provider "metal" {
 }
 resource "metal_ssh_key" "k8s" {
  count      = var.public_key_path != "" ? 1 : 0
  name       = "kubernetes-${var.cluster_name}"
  public_key = chomp(file(var.public_key_path))
 }
-resource "equinix_metal_device" "k8s_master" {
+resource "metal_device" "k8s_master" {
-  depends_on = [equinix_metal_ssh_key.k8s]
+  depends_on = [metal_ssh_key.k8s]
  count            = var.number_of_k8s_masters
  hostname         = "${var.cluster_name}-k8s-master-${count.index + 1}"
  plan             = var.plan_k8s_masters
-  metro            = var.metro
+  facilities       = [var.facility]
  operating_system = var.operating_system
  billing_cycle    = var.billing_cycle
-  project_id       = var.equinix_metal_project_id
+  project_id       = var.metal_project_id
  tags             = ["cluster-${var.cluster_name}", "k8s_cluster", "kube_control_plane", "etcd", "kube_node"]
 }
-resource "equinix_metal_device" "k8s_master_no_etcd" {
+resource "metal_device" "k8s_master_no_etcd" {
-  depends_on = [equinix_metal_ssh_key.k8s]
+  depends_on = [metal_ssh_key.k8s]
  count            = var.number_of_k8s_masters_no_etcd
  hostname         = "${var.cluster_name}-k8s-master-${count.index + 1}"
  plan             = var.plan_k8s_masters_no_etcd
-  metro            = var.metro
+  facilities       = [var.facility]
  operating_system = var.operating_system
  billing_cycle    = var.billing_cycle
-  project_id       = var.equinix_metal_project_id
+  project_id       = var.metal_project_id
  tags             = ["cluster-${var.cluster_name}", "k8s_cluster", "kube_control_plane"]
 }
-resource "equinix_metal_device" "k8s_etcd" {
+resource "metal_device" "k8s_etcd" {
-  depends_on = [equinix_metal_ssh_key.k8s]
+  depends_on = [metal_ssh_key.k8s]
  count            = var.number_of_etcd
  hostname         = "${var.cluster_name}-etcd-${count.index + 1}"
  plan             = var.plan_etcd
-  metro            = var.metro
+  facilities       = [var.facility]
  operating_system = var.operating_system
  billing_cycle    = var.billing_cycle
-  project_id       = var.equinix_metal_project_id
+  project_id       = var.metal_project_id
  tags             = ["cluster-${var.cluster_name}", "etcd"]
 }
-resource "equinix_metal_device" "k8s_node" {
+resource "metal_device" "k8s_node" {
-  depends_on = [equinix_metal_ssh_key.k8s]
+  depends_on = [metal_ssh_key.k8s]
  count            = var.number_of_k8s_nodes
  hostname         = "${var.cluster_name}-k8s-node-${count.index + 1}"
  plan             = var.plan_k8s_nodes
-  metro            = var.metro
+  facilities       = [var.facility]
  operating_system = var.operating_system
  billing_cycle    = var.billing_cycle
-  project_id       = var.equinix_metal_project_id
+  project_id       = var.metal_project_id
  tags             = ["cluster-${var.cluster_name}", "k8s_cluster", "kube_node"]
 }
--- a/contrib/terraform/metal/output.tf
+++ b/contrib/terraform/metal/output.tf
@@ -0,0 +1,16 @@
 output "k8s_masters" {
  value = metal_device.k8s_master.*.access_public_ipv4
 }
 output "k8s_masters_no_etc" {
  value = metal_device.k8s_master_no_etcd.*.access_public_ipv4
 }
 output "k8s_etcds" {
  value = metal_device.k8s_etcd.*.access_public_ipv4
 }
 output "k8s_nodes" {
  value = metal_device.k8s_node.*.access_public_ipv4
 }
--- a/contrib/terraform/equinix/sample-inventory/cluster.tfvars
+++ b/contrib/terraform/equinix/sample-inventory/cluster.tfvars
@@ -1,19 +1,16 @@
 # your Kubernetes cluster name here
 cluster_name = "mycluster"
-# Your Equinix Metal project ID. See https://metal.equinix.com/developers/docs/accounts/
+# Your Equinix Metal project ID. See hhttps://metal.equinix.com/developers/docs/accounts/
-equinix_metal_project_id = "Example-Project-Id"
+metal_project_id = "Example-API-Token"
 # The public SSH key to be uploaded into authorized_keys in bare metal Equinix Metal nodes provisioned
 # leave this value blank if the public key is already setup in the Equinix Metal project
 # Terraform will complain if the public key is setup in Equinix Metal
 public_key_path = "~/.ssh/id_rsa.pub"
-# Equinix interconnected bare metal across our global metros.
+# cluster location
-metro = "da"
+facility = "ewr1"
 # operating_system
 operating_system = "ubuntu_22_04"
 # standalone etcds
 number_of_etcd = 0
--- a/contrib/terraform/equinix/sample-inventory/group_vars
+++ b/contrib/terraform/equinix/sample-inventory/group_vars
--- a/contrib/terraform/equinix/variables.tf
+++ b/contrib/terraform/equinix/variables.tf
@@ -2,12 +2,12 @@ variable "cluster_name" {
  default = "kubespray"
 }
-variable "equinix_metal_project_id" {
+variable "metal_project_id" {
  description = "Your Equinix Metal project ID. See https://metal.equinix.com/developers/docs/accounts/"
 }
 variable "operating_system" {
-  default = "ubuntu_22_04"
+  default = "ubuntu_20_04"
 }
 variable "public_key_path" {
@@ -19,8 +19,8 @@ variable "billing_cycle" {
  default = "hourly"
 }
-variable "metro" {
+variable "facility" {
-  default = "da"
+  default = "dfw2"
 }
 variable "plan_k8s_masters" {
@@ -54,3 +54,4 @@ variable "number_of_etcd" {
 variable "number_of_k8s_nodes" {
  default = 1
 }
--- a/contrib/terraform/metal/versions.tf
+++ b/contrib/terraform/metal/versions.tf
@@ -0,0 +1,9 @@
 terraform {
  required_version = ">= 0.12"
  required_providers {
    metal = {
      source = "equinix/metal"
    }
  }
 }
--- a/contrib/terraform/openstack/README.md
+++ b/contrib/terraform/openstack/README.md
@@ -88,7 +88,7 @@ binaries available on hyperkube v1.4.3_coreos.0 or higher.
 ## Requirements
- [Install Terraform](https://www.terraform.io/intro/getting-started/install.html) 0.14 or later
+- [Install Terraform](https://www.terraform.io/intro/getting-started/install.html) 0.12 or later
 - [Install Ansible](http://docs.ansible.com/ansible/latest/intro_installation.html)
 - you already have a suitable OS image in Glance
 - you already have a floating IP pool created
@@ -270,7 +270,6 @@ For your cluster, edit `inventory/$CLUSTER/cluster.tfvars`.
 |`supplementary_node_groups` | To add ansible groups to the nodes, such as `kube_ingress` for running ingress controller pods, empty by default. |
 |`bastion_allowed_remote_ips` | List of CIDR allowed to initiate a SSH connection, `["0.0.0.0/0"]` by default |
 |`master_allowed_remote_ips` | List of CIDR blocks allowed to initiate an API connection, `["0.0.0.0/0"]` by default |
 |`bastion_allowed_ports` | List of ports to open on bastion node, `[]` by default |
 |`k8s_allowed_remote_ips` | List of CIDR allowed to initiate a SSH connection, empty by default |
 |`worker_allowed_ports` | List of ports to open on worker nodes, `[{ "protocol" = "tcp", "port_range_min" = 30000, "port_range_max" = 32767, "remote_ip_prefix" = "0.0.0.0/0"}]` by default |
 |`master_allowed_ports` | List of ports to open on master nodes, expected format is `[{ "protocol" = "tcp", "port_range_min" = 443, "port_range_max" = 443, "remote_ip_prefix" = "0.0.0.0/0"}]`, empty by default |
@@ -284,7 +283,6 @@ For your cluster, edit `inventory/$CLUSTER/cluster.tfvars`.
 |`master_server_group_policy` | Enable and use openstack nova servergroups for masters with set policy, default: "" (disabled) |
 |`node_server_group_policy` | Enable and use openstack nova servergroups for nodes with set policy, default: "" (disabled) |
 |`etcd_server_group_policy` | Enable and use openstack nova servergroups for etcd with set policy, default: "" (disabled) |
 |`additional_server_groups` | Extra server groups to create. Set "policy" to the policy for the group, expected format is `{"new-server-group" = {"policy" = "anti-affinity"}}`, default: {} (to not create any extra groups) |
 |`use_access_ip` | If 1, nodes with floating IPs will transmit internal cluster traffic via floating IPs; if 0 private IPs will be used instead. Default value is 1. |
 |`port_security_enabled` | Allow to disable port security by setting this to `false`. `true` by default |
 |`force_null_port_security` | Set `null` instead of `true` or `false` for `port_security`. `false` by default |
@@ -293,32 +291,10 @@ For your cluster, edit `inventory/$CLUSTER/cluster.tfvars`.
 ##### k8s_nodes
-Allows a custom definition of worker nodes giving the operator full control over individual node flavor and availability zone placement.
+Allows a custom definition of worker nodes giving the operator full control over individual node flavor and
-To enable the use of this mode set the `number_of_k8s_nodes` and `number_of_k8s_nodes_no_floating_ip` variables to 0.
+availability zone placement. To enable the use of this mode set the `number_of_k8s_nodes` and
-Then define your desired worker node configuration using the `k8s_nodes` variable.
+`number_of_k8s_nodes_no_floating_ip` variables to 0. Then define your desired worker node configuration
-The `az`, `flavor` and `floating_ip` parameters are mandatory.
+using the `k8s_nodes` variable.
 The optional parameter `extra_groups` (a comma-delimited string) can be used to define extra inventory group memberships for specific nodes.
 ```yaml
 k8s_nodes:
   node-name:
    az: string # Name of the AZ
    flavor: string # Flavor ID to use
    floating_ip: bool # If floating IPs should be created or not
    extra_groups: string # (optional) Additional groups to add for kubespray, defaults to no groups
    image_id: string # (optional) Image ID to use, defaults to var.image_id or var.image
    root_volume_size_in_gb: number # (optional) Size of the block storage to use as root disk, defaults to var.node_root_volume_size_in_gb or to use volume from flavor otherwise
    volume_type: string # (optional) Volume type to use, defaults to var.node_volume_type
    network_id: string # (optional) Use this network_id for the node, defaults to either var.network_id or ID of var.network_name
    server_group: string # (optional) Server group to add this node to. If set, this has to be one specified in additional_server_groups, defaults to use the server group specified in node_server_group_policy
    cloudinit: # (optional) Options for cloud-init
      extra_partitions: # List of extra partitions (other than the root partition) to setup during creation
        volume_path: string # Path to the volume to create partition for (e.g. /dev/vda )
        partition_path: string # Path to the partition (e.g. /dev/vda2 )
        mount_path: string # Path to where the partition should be mounted
        partition_start: string # Where the partition should start (e.g. 10GB ). Note, if you set the partition_start to 0 there will be no space left for the root partition
        partition_end: string # Where the partition should end (e.g. 10GB or -1 for end of volume)
 ```
 For example:
@@ -338,7 +314,6 @@ k8s_nodes = {
    "az" = "sto3"
    "flavor" = "83d8b44a-26a0-4f02-a981-079446926445"
    "floating_ip" = true
    "extra_groups" = "calico_rr"
  }
 }
 ```
@@ -449,7 +424,7 @@ This should finish fairly quickly telling you Terraform has successfully initial
 You can apply cloud-init based customization for the openstack instances before provisioning your cluster.
 One common template is used for all instances. Adjust the file shown below:
-`contrib/terraform/openstack/modules/compute/templates/cloudinit.yaml.tmpl`
+`contrib/terraform/openstack/modules/compute/templates/cloudinit.yaml`
 For example, to enable openstack novnc access and ansible_user=root SSH access:
 ```ShellSession
--- a/contrib/terraform/openstack/kubespray.tf
+++ b/contrib/terraform/openstack/kubespray.tf
@@ -84,7 +84,6 @@ module "compute" {
  supplementary_node_groups                    = var.supplementary_node_groups
  master_allowed_ports                         = var.master_allowed_ports
  worker_allowed_ports                         = var.worker_allowed_ports
  bastion_allowed_ports                        = var.bastion_allowed_ports
  use_access_ip                                = var.use_access_ip
  master_server_group_policy                   = var.master_server_group_policy
  node_server_group_policy                     = var.node_server_group_policy
@@ -97,12 +96,6 @@ module "compute" {
  network_router_id                            = module.network.router_id
  network_id                                   = module.network.network_id
  use_existing_network                         = var.use_existing_network
  private_subnet_id                            = module.network.subnet_id
  additional_server_groups                     = var.additional_server_groups
  depends_on = [
    module.network.subnet_id
  ]
 }
 output "private_subnet_id" {
@@ -118,7 +111,7 @@ output "router_id" {
 }
 output "k8s_master_fips" {
-  value = var.number_of_k8s_masters + var.number_of_k8s_masters_no_etcd > 0 ? concat(module.ips.k8s_master_fips, module.ips.k8s_master_no_etcd_fips) : [for key, value in module.ips.k8s_masters_fips : value.address]
+  value = concat(module.ips.k8s_master_fips, module.ips.k8s_master_no_etcd_fips)
 }
 output "k8s_node_fips" {
--- a/contrib/terraform/openstack/modules/compute/main.tf
+++ b/contrib/terraform/openstack/modules/compute/main.tf
@@ -15,14 +15,8 @@ data "openstack_images_image_v2" "image_master" {
  name = var.image_master == "" ? var.image : var.image_master
 }
-data "cloudinit_config" "cloudinit" {
+data "template_file" "cloudinit" {
-  part {
+  template = file("${path.module}/templates/cloudinit.yaml")
    content_type =  "text/cloud-config"
    content = templatefile("${path.module}/templates/cloudinit.yaml.tmpl", {
      # template_file doesn't support lists
      extra_partitions = ""
    })
  }
 }
 data "openstack_networking_network_v2" "k8s_network" {
@@ -88,17 +82,6 @@ resource "openstack_networking_secgroup_rule_v2" "bastion" {
  security_group_id = openstack_networking_secgroup_v2.bastion[0].id
 }
 resource "openstack_networking_secgroup_rule_v2" "k8s_bastion_ports" {
  count             = length(var.bastion_allowed_ports)
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = lookup(var.bastion_allowed_ports[count.index], "protocol", "tcp")
  port_range_min    = lookup(var.bastion_allowed_ports[count.index], "port_range_min")
  port_range_max    = lookup(var.bastion_allowed_ports[count.index], "port_range_max")
  remote_ip_prefix  = lookup(var.bastion_allowed_ports[count.index], "remote_ip_prefix", "0.0.0.0/0")
  security_group_id = openstack_networking_secgroup_v2.bastion[0].id
 }
 resource "openstack_networking_secgroup_v2" "k8s" {
  name                 = "${var.cluster_name}-k8s"
  description          = "${var.cluster_name} - Kubernetes"
@@ -173,12 +156,6 @@ resource "openstack_compute_servergroup_v2" "k8s_etcd" {
  policies = [var.etcd_server_group_policy]
 }
 resource "openstack_compute_servergroup_v2" "k8s_node_additional" {
  for_each = var.additional_server_groups
  name     = "k8s-${each.key}-srvgrp"
  policies = [each.value.policy]
 }
 locals {
 # master groups
  master_sec_groups = compact([
@@ -208,29 +185,6 @@ locals {
  image_to_use_gfs = var.image_gfs_uuid != "" ? var.image_gfs_uuid : var.image_uuid != "" ? var.image_uuid : data.openstack_images_image_v2.gfs_image[0].id
 # image_master uuidimage_gfs_uuid
  image_to_use_master = var.image_master_uuid != "" ? var.image_master_uuid : var.image_uuid != "" ? var.image_uuid : data.openstack_images_image_v2.image_master[0].id
  k8s_nodes_settings = {
    for name, node in var.k8s_nodes :
      name => {
        "use_local_disk" = (node.root_volume_size_in_gb != null ? node.root_volume_size_in_gb : var.node_root_volume_size_in_gb) == 0,
        "image_id"       = node.image_id != null ? node.image_id : local.image_to_use_node,
        "volume_size"    = node.root_volume_size_in_gb != null ? node.root_volume_size_in_gb : var.node_root_volume_size_in_gb,
        "volume_type"    = node.volume_type != null ? node.volume_type : var.node_volume_type,
        "network_id"     = node.network_id != null ? node.network_id : (var.use_existing_network ? data.openstack_networking_network_v2.k8s_network[0].id : var.network_id)
        "server_group"   = node.server_group != null ? [openstack_compute_servergroup_v2.k8s_node_additional[node.server_group].id] : (var.node_server_group_policy != ""  ? [openstack_compute_servergroup_v2.k8s_node[0].id] : [])
      }
  }
  k8s_masters_settings = {
    for name, node in var.k8s_masters :
      name => {
        "use_local_disk" = (node.root_volume_size_in_gb != null ? node.root_volume_size_in_gb : var.master_root_volume_size_in_gb) == 0,
        "image_id"       = node.image_id != null ? node.image_id : local.image_to_use_master,
        "volume_size"    = node.root_volume_size_in_gb != null ? node.root_volume_size_in_gb : var.master_root_volume_size_in_gb,
        "volume_type"    = node.volume_type != null ? node.volume_type : var.master_volume_type,
        "network_id"     = node.network_id != null ? node.network_id : (var.use_existing_network ? data.openstack_networking_network_v2.k8s_network[0].id : var.network_id)
      }
  }
 }
 resource "openstack_networking_port_v2" "bastion_port" {
@@ -241,12 +195,6 @@ resource "openstack_networking_port_v2" "bastion_port" {
  port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
  security_group_ids    = var.port_security_enabled ? local.bastion_sec_groups : null
  no_security_groups    = var.port_security_enabled ? null : false
  dynamic "fixed_ip" {
    for_each = var.private_subnet_id == "" ? [] : [true]
    content {
      subnet_id = var.private_subnet_id
    }
  }
  depends_on = [
    var.network_router_id
@@ -259,7 +207,7 @@ resource "openstack_compute_instance_v2" "bastion" {
  image_id   = var.bastion_root_volume_size_in_gb == 0 ? local.image_to_use_node : null
  flavor_id  = var.flavor_bastion
  key_pair   = openstack_compute_keypair_v2.k8s.name
-  user_data  = data.cloudinit_config.cloudinit.rendered
+  user_data  = data.template_file.cloudinit.rendered
  dynamic "block_device" {
    for_each = var.bastion_root_volume_size_in_gb > 0 ? [local.image_to_use_node] : []
@@ -297,12 +245,6 @@ resource "openstack_networking_port_v2" "k8s_master_port" {
  port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
  security_group_ids    = var.port_security_enabled ? local.master_sec_groups : null
  no_security_groups    = var.port_security_enabled ? null : false
  dynamic "fixed_ip" {
    for_each = var.private_subnet_id == "" ? [] : [true]
    content {
      subnet_id = var.private_subnet_id
    }
  }
  depends_on = [
    var.network_router_id
@@ -316,7 +258,7 @@ resource "openstack_compute_instance_v2" "k8s_master" {
  image_id          = var.master_root_volume_size_in_gb == 0 ? local.image_to_use_master : null
  flavor_id         = var.flavor_k8s_master
  key_pair          = openstack_compute_keypair_v2.k8s.name
-  user_data         = data.cloudinit_config.cloudinit.rendered
+  user_data         = data.template_file.cloudinit.rendered
  dynamic "block_device" {
@@ -358,17 +300,11 @@ resource "openstack_compute_instance_v2" "k8s_master" {
 resource "openstack_networking_port_v2" "k8s_masters_port" {
  for_each              = var.number_of_k8s_masters == 0 && var.number_of_k8s_masters_no_etcd == 0 && var.number_of_k8s_masters_no_floating_ip == 0 && var.number_of_k8s_masters_no_floating_ip_no_etcd == 0 ? var.k8s_masters : {}
  name                  = "${var.cluster_name}-k8s-${each.key}"
-  network_id            = local.k8s_masters_settings[each.key].network_id
+  network_id            = var.use_existing_network ? data.openstack_networking_network_v2.k8s_network[0].id : var.network_id
  admin_state_up        = "true"
  port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
  security_group_ids    = var.port_security_enabled ? local.master_sec_groups : null
  no_security_groups    = var.port_security_enabled ? null : false
  dynamic "fixed_ip" {
    for_each = var.private_subnet_id == "" ? [] : [true]
    content {
      subnet_id = var.private_subnet_id
    }
  }
  depends_on = [
    var.network_router_id
@@ -379,17 +315,17 @@ resource "openstack_compute_instance_v2" "k8s_masters" {
  for_each          = var.number_of_k8s_masters == 0 && var.number_of_k8s_masters_no_etcd == 0 && var.number_of_k8s_masters_no_floating_ip == 0 && var.number_of_k8s_masters_no_floating_ip_no_etcd == 0 ? var.k8s_masters : {}
  name              = "${var.cluster_name}-k8s-${each.key}"
  availability_zone = each.value.az
-  image_id          = local.k8s_masters_settings[each.key].use_local_disk ? local.k8s_masters_settings[each.key].image_id : null
+  image_id          = var.master_root_volume_size_in_gb == 0 ? local.image_to_use_master : null
  flavor_id         = each.value.flavor
  key_pair          = openstack_compute_keypair_v2.k8s.name
  dynamic "block_device" {
-    for_each = !local.k8s_masters_settings[each.key].use_local_disk ? [local.k8s_masters_settings[each.key].image_id] : []
+    for_each = var.master_root_volume_size_in_gb > 0 ? [local.image_to_use_master] : []
    content {
-      uuid                  = block_device.value
+      uuid                  = local.image_to_use_master
      source_type           = "image"
-      volume_size           = local.k8s_masters_settings[each.key].volume_size
+      volume_size           = var.master_root_volume_size_in_gb
-      volume_type           = local.k8s_masters_settings[each.key].volume_type
+      volume_type           = var.master_volume_type
      boot_index            = 0
      destination_type      = "volume"
      delete_on_termination = true
@@ -415,7 +351,7 @@ resource "openstack_compute_instance_v2" "k8s_masters" {
  }
  provisioner "local-exec" {
-    command = "%{if each.value.floating_ip}sed s/USER/${var.ssh_user}/ ${path.module}/ansible_bastion_template.txt | sed s/BASTION_ADDRESS/${element(concat(var.bastion_fips, [for key, value in var.k8s_masters_fips : value.address]), 0)}/ > ${var.group_vars_path}/no_floating.yml%{else}true%{endif}"
+    command = "%{if each.value.floating_ip}sed s/USER/${var.ssh_user}/ ${path.root}/ansible_bastion_template.txt | sed s/BASTION_ADDRESS/${element(concat(var.bastion_fips, [for key, value in var.k8s_masters_fips : value.address]), 0)}/ > ${var.group_vars_path}/no_floating.yml%{else}true%{endif}"
  }
 }
@@ -427,12 +363,6 @@ resource "openstack_networking_port_v2" "k8s_master_no_etcd_port" {
  port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
  security_group_ids    = var.port_security_enabled ? local.master_sec_groups : null
  no_security_groups    = var.port_security_enabled ? null : false
  dynamic "fixed_ip" {
    for_each = var.private_subnet_id == "" ? [] : [true]
    content {
      subnet_id = var.private_subnet_id
    }
  }
  depends_on = [
    var.network_router_id
@@ -446,7 +376,7 @@ resource "openstack_compute_instance_v2" "k8s_master_no_etcd" {
  image_id          = var.master_root_volume_size_in_gb == 0 ? local.image_to_use_master : null
  flavor_id         = var.flavor_k8s_master
  key_pair          = openstack_compute_keypair_v2.k8s.name
-  user_data         = data.cloudinit_config.cloudinit.rendered
+  user_data         = data.template_file.cloudinit.rendered
  dynamic "block_device" {
@@ -493,12 +423,6 @@ resource "openstack_networking_port_v2" "etcd_port" {
  port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
  security_group_ids    = var.port_security_enabled ? local.etcd_sec_groups : null
  no_security_groups    = var.port_security_enabled ? null : false
  dynamic "fixed_ip" {
    for_each = var.private_subnet_id == "" ? [] : [true]
    content {
      subnet_id = var.private_subnet_id
    }
  }
  depends_on = [
    var.network_router_id
@@ -512,7 +436,7 @@ resource "openstack_compute_instance_v2" "etcd" {
  image_id          = var.etcd_root_volume_size_in_gb == 0 ? local.image_to_use_master : null
  flavor_id         = var.flavor_etcd
  key_pair          = openstack_compute_keypair_v2.k8s.name
-  user_data         = data.cloudinit_config.cloudinit.rendered
+  user_data         = data.template_file.cloudinit.rendered
  dynamic "block_device" {
    for_each = var.etcd_root_volume_size_in_gb > 0 ? [local.image_to_use_master] : []
@@ -553,12 +477,6 @@ resource "openstack_networking_port_v2" "k8s_master_no_floating_ip_port" {
  port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
  security_group_ids    = var.port_security_enabled ? local.master_sec_groups : null
  no_security_groups    = var.port_security_enabled ? null : false
  dynamic "fixed_ip" {
    for_each = var.private_subnet_id == "" ? [] : [true]
    content {
      subnet_id = var.private_subnet_id
    }
  }
  depends_on = [
    var.network_router_id
@@ -613,12 +531,6 @@ resource "openstack_networking_port_v2" "k8s_master_no_floating_ip_no_etcd_port"
  port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
  security_group_ids    = var.port_security_enabled ? local.master_sec_groups : null
  no_security_groups    = var.port_security_enabled ? null : false
  dynamic "fixed_ip" {
    for_each = var.private_subnet_id == "" ? [] : [true]
    content {
      subnet_id = var.private_subnet_id
    }
  }
  depends_on = [
    var.network_router_id
@@ -632,7 +544,7 @@ resource "openstack_compute_instance_v2" "k8s_master_no_floating_ip_no_etcd" {
  image_id          = var.master_root_volume_size_in_gb == 0 ? local.image_to_use_master : null
  flavor_id         = var.flavor_k8s_master
  key_pair          = openstack_compute_keypair_v2.k8s.name
-  user_data         = data.cloudinit_config.cloudinit.rendered
+  user_data         = data.template_file.cloudinit.rendered
  dynamic "block_device" {
    for_each = var.master_root_volume_size_in_gb > 0 ? [local.image_to_use_master] : []
@@ -674,12 +586,6 @@ resource "openstack_networking_port_v2" "k8s_node_port" {
  port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
  security_group_ids    = var.port_security_enabled ? local.worker_sec_groups : null
  no_security_groups    = var.port_security_enabled ? null : false
  dynamic "fixed_ip" {
    for_each = var.private_subnet_id == "" ? [] : [true]
    content {
      subnet_id = var.private_subnet_id
    }
  }
  depends_on = [
    var.network_router_id
@@ -693,7 +599,7 @@ resource "openstack_compute_instance_v2" "k8s_node" {
  image_id          = var.node_root_volume_size_in_gb == 0 ? local.image_to_use_node : null
  flavor_id         = var.flavor_k8s_node
  key_pair          = openstack_compute_keypair_v2.k8s.name
-  user_data         = data.cloudinit_config.cloudinit.rendered
+  user_data         = data.template_file.cloudinit.rendered
  dynamic "block_device" {
    for_each = var.node_root_volume_size_in_gb > 0 ? [local.image_to_use_node] : []
@@ -740,12 +646,6 @@ resource "openstack_networking_port_v2" "k8s_node_no_floating_ip_port" {
  port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
  security_group_ids    = var.port_security_enabled ? local.worker_sec_groups : null
  no_security_groups    = var.port_security_enabled ? null : false
  dynamic "fixed_ip" {
    for_each = var.private_subnet_id == "" ? [] : [true]
    content {
      subnet_id = var.private_subnet_id
    }
  }
  depends_on = [
    var.network_router_id
@@ -759,7 +659,7 @@ resource "openstack_compute_instance_v2" "k8s_node_no_floating_ip" {
  image_id          = var.node_root_volume_size_in_gb == 0 ? local.image_to_use_node : null
  flavor_id         = var.flavor_k8s_node
  key_pair          = openstack_compute_keypair_v2.k8s.name
-  user_data         = data.cloudinit_config.cloudinit.rendered
+  user_data         = data.template_file.cloudinit.rendered
  dynamic "block_device" {
    for_each = var.node_root_volume_size_in_gb > 0 ? [local.image_to_use_node] : []
@@ -779,9 +679,9 @@ resource "openstack_compute_instance_v2" "k8s_node_no_floating_ip" {
  }
  dynamic "scheduler_hints" {
-    for_each = var.node_server_group_policy != "" ? [openstack_compute_servergroup_v2.k8s_node[0].id] : []
+    for_each = var.node_server_group_policy != "" ? [openstack_compute_servergroup_v2.k8s_node[0]] : []
    content {
-      group = scheduler_hints.value
+      group = openstack_compute_servergroup_v2.k8s_node[0].id
    }
  }
@@ -796,17 +696,11 @@ resource "openstack_compute_instance_v2" "k8s_node_no_floating_ip" {
 resource "openstack_networking_port_v2" "k8s_nodes_port" {
  for_each              = var.number_of_k8s_nodes == 0 && var.number_of_k8s_nodes_no_floating_ip == 0 ? var.k8s_nodes : {}
  name                  = "${var.cluster_name}-k8s-node-${each.key}"
-  network_id            = local.k8s_nodes_settings[each.key].network_id
+  network_id            = var.use_existing_network ? data.openstack_networking_network_v2.k8s_network[0].id : var.network_id
  admin_state_up        = "true"
  port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
  security_group_ids    = var.port_security_enabled ? local.worker_sec_groups : null
  no_security_groups    = var.port_security_enabled ? null : false
  dynamic "fixed_ip" {
    for_each = var.private_subnet_id == "" ? [] : [true]
    content {
      subnet_id = var.private_subnet_id
    }
  }
  depends_on = [
    var.network_router_id
@@ -817,20 +711,18 @@ resource "openstack_compute_instance_v2" "k8s_nodes" {
  for_each          = var.number_of_k8s_nodes == 0 && var.number_of_k8s_nodes_no_floating_ip == 0 ? var.k8s_nodes : {}
  name              = "${var.cluster_name}-k8s-node-${each.key}"
  availability_zone = each.value.az
-  image_id          = local.k8s_nodes_settings[each.key].use_local_disk ? local.k8s_nodes_settings[each.key].image_id : null
+  image_id          = var.node_root_volume_size_in_gb == 0 ? local.image_to_use_node : null
  flavor_id         = each.value.flavor
  key_pair          = openstack_compute_keypair_v2.k8s.name
-  user_data         = each.value.cloudinit != null ? templatefile("${path.module}/templates/cloudinit.yaml.tmpl", {
+  user_data         = data.template_file.cloudinit.rendered
    extra_partitions = each.value.cloudinit.extra_partitions
  }) : data.cloudinit_config.cloudinit.rendered
  dynamic "block_device" {
-    for_each = !local.k8s_nodes_settings[each.key].use_local_disk ? [local.k8s_nodes_settings[each.key].image_id] : []
+    for_each = var.node_root_volume_size_in_gb > 0 ? [local.image_to_use_node] : []
    content {
-      uuid                  = block_device.value
+      uuid                  = local.image_to_use_node
      source_type           = "image"
-      volume_size           = local.k8s_nodes_settings[each.key].volume_size
+      volume_size           = var.node_root_volume_size_in_gb
-      volume_type           = local.k8s_nodes_settings[each.key].volume_type
+      volume_type           = var.node_volume_type
      boot_index            = 0
      destination_type      = "volume"
      delete_on_termination = true
@@ -842,15 +734,15 @@ resource "openstack_compute_instance_v2" "k8s_nodes" {
  }
  dynamic "scheduler_hints" {
-    for_each = local.k8s_nodes_settings[each.key].server_group
+    for_each = var.node_server_group_policy != "" ? [openstack_compute_servergroup_v2.k8s_node[0]] : []
    content {
-      group = scheduler_hints.value
+      group = openstack_compute_servergroup_v2.k8s_node[0].id
    }
  }
  metadata = {
    ssh_user         = var.ssh_user
-    kubespray_groups = "kube_node,k8s_cluster,%{if each.value.floating_ip == false}no_floating,%{endif}${var.supplementary_node_groups}${each.value.extra_groups != null ? ",${each.value.extra_groups}" : ""}"
+    kubespray_groups = "kube_node,k8s_cluster,%{if each.value.floating_ip == false}no_floating,%{endif}${var.supplementary_node_groups}"
    depends_on       = var.network_router_id
    use_access_ip    = var.use_access_ip
  }
@@ -868,12 +760,6 @@ resource "openstack_networking_port_v2" "glusterfs_node_no_floating_ip_port" {
  port_security_enabled = var.force_null_port_security ? null : var.port_security_enabled
  security_group_ids    = var.port_security_enabled ? local.gfs_sec_groups : null
  no_security_groups    = var.port_security_enabled ? null : false
  dynamic "fixed_ip" {
    for_each = var.private_subnet_id == "" ? [] : [true]
    content {
      subnet_id = var.private_subnet_id
    }
  }
  depends_on = [
    var.network_router_id
--- a/contrib/terraform/openstack/modules/compute/templates/cloudinit.yaml
+++ b/contrib/terraform/openstack/modules/compute/templates/cloudinit.yaml
@@ -0,0 +1,17 @@
 # yamllint disable rule:comments
 #cloud-config
 ## in some cases novnc console access is required
 ## it requires ssh password to be set
 #ssh_pwauth: yes
 #chpasswd:
 #  list: |
 #    root:secret
 #  expire: False
 ## in some cases direct root ssh access via ssh key is required
 #disable_root: false
 ## in some cases additional CA certs are required
 #ca-certs:
 #  trusted: |
 #      -----BEGIN CERTIFICATE-----
--- a/contrib/terraform/openstack/modules/compute/templates/cloudinit.yaml.tmpl
+++ b/contrib/terraform/openstack/modules/compute/templates/cloudinit.yaml.tmpl
@@ -1,39 +0,0 @@
 %{~ if length(extra_partitions) > 0 }
 #cloud-config
 bootcmd:
 %{~ for idx, partition in extra_partitions }
 - [ cloud-init-per, once, move-second-header, sgdisk, --move-second-header, ${partition.volume_path} ]
 - [ cloud-init-per, once, create-part-${idx}, parted, --script, ${partition.volume_path}, 'mkpart extended ext4 ${partition.partition_start} ${partition.partition_end}' ]
 - [ cloud-init-per, once, create-fs-part-${idx}, mkfs.ext4, ${partition.partition_path} ]
 %{~ endfor }
 runcmd:
 %{~ for idx, partition in extra_partitions }
  - mkdir -p ${partition.mount_path}
  - chown nobody:nogroup ${partition.mount_path}
  - mount ${partition.partition_path} ${partition.mount_path}
 %{~ endfor }
 mounts:
 %{~ for idx, partition in extra_partitions }
  - [ ${partition.partition_path}, ${partition.mount_path} ]
 %{~ endfor }
 %{~ else ~}
 # yamllint disable rule:comments
 #cloud-config
 ## in some cases novnc console access is required
 ## it requires ssh password to be set
 #ssh_pwauth: yes
 #chpasswd:
 #  list: |
 #    root:secret
 #  expire: False
 ## in some cases direct root ssh access via ssh key is required
 #disable_root: false
 ## in some cases additional CA certs are required
 #ca-certs:
 #  trusted: |
 #      -----BEGIN CERTIFICATE-----
 %{~ endif }
--- a/contrib/terraform/openstack/modules/compute/variables.tf
+++ b/contrib/terraform/openstack/modules/compute/variables.tf
@@ -116,48 +116,9 @@ variable "k8s_allowed_egress_ips" {
  type = list
 }
-variable "k8s_masters" {
+variable "k8s_masters" {}
  type = map(object({
    az                     = string
    flavor                 = string
    floating_ip            = bool
    etcd                   = bool
    image_id               = optional(string)
    root_volume_size_in_gb = optional(number)
    volume_type            = optional(string)
    network_id             = optional(string)
  }))
 }
-variable "k8s_nodes" {
+variable "k8s_nodes" {}
  type = map(object({
    az                     = string
    flavor                 = string
    floating_ip            = bool
    extra_groups           = optional(string)
    image_id               = optional(string)
    root_volume_size_in_gb = optional(number)
    volume_type            = optional(string)
    network_id             = optional(string)
    additional_server_groups = optional(list(string))
    server_group           = optional(string)
    cloudinit              = optional(object({
      extra_partitions = list(object({
        volume_path     = string
        partition_path  = string
        partition_start = string
        partition_end   = string
        mount_path      = string
      }))
    }))
  }))
 }
 variable "additional_server_groups" {
  type = map(object({
    policy = string
  }))
 }
 variable "supplementary_master_groups" {
  default = ""
@@ -175,10 +136,6 @@ variable "worker_allowed_ports" {
  type = list
 }
 variable "bastion_allowed_ports" {
  type = list
 }
 variable "use_access_ip" {}
 variable "master_server_group_policy" {
@@ -228,7 +185,3 @@ variable "port_security_enabled" {
 variable "force_null_port_security" {
  type = bool
 }
 variable "private_subnet_id" {
  type = string
 }
--- a/contrib/terraform/openstack/modules/compute/versions.tf
+++ b/contrib/terraform/openstack/modules/compute/versions.tf
@@ -4,5 +4,5 @@ terraform {
      source = "terraform-provider-openstack/openstack"
    }
  }
-  required_version = ">= 1.3.0"
+  required_version = ">= 0.12.26"
 }
--- a/contrib/terraform/openstack/modules/ips/main.tf
+++ b/contrib/terraform/openstack/modules/ips/main.tf
@@ -44,3 +44,4 @@ resource "openstack_networking_floatingip_v2" "k8s_nodes" {
  pool       = var.floatingip_pool
  depends_on = [null_resource.dummy_dependency]
 }
--- a/contrib/terraform/openstack/sample-inventory/cluster.tfvars
+++ b/contrib/terraform/openstack/sample-inventory/cluster.tfvars
@@ -86,4 +86,4 @@ floatingip_pool = "<pool>"
 bastion_allowed_remote_ips = ["0.0.0.0/0"]
 # Force port security to be null. Some cloud providers do not allow to set port security.
-# force_null_port_security = false
+# force_null_port_security = false
--- a/contrib/terraform/openstack/variables.tf
+++ b/contrib/terraform/openstack/variables.tf
@@ -257,12 +257,6 @@ variable "worker_allowed_ports" {
  ]
 }
 variable "bastion_allowed_ports" {
  type = list(any)
  default = []
 }
 variable "use_access_ip" {
  default = 1
 }
@@ -300,13 +294,6 @@ variable "k8s_nodes" {
  default = {}
 }
 variable "additional_server_groups" {
  default = {}
  type = map(object({
    policy = string
  }))
 }
 variable "extra_sec_groups" {
  default = false
 }
--- a/contrib/terraform/openstack/versions.tf
+++ b/contrib/terraform/openstack/versions.tf
@@ -5,5 +5,5 @@ terraform {
      version = "~> 1.17"
    }
  }
-  required_version = ">= 1.3.0"
+  required_version = ">= 0.12.26"
 }
--- a/contrib/terraform/terraform.py
+++ b/contrib/terraform/terraform.py
@@ -194,19 +194,9 @@ def parse_bool(string_form):
    else:
        raise ValueError('could not convert %r to a bool' % string_form)
 def sanitize_groups(groups):
    _groups = []
    chars_to_replace = ['+', '-', '=', '.', '/', ' ']
    for i in groups:
        _i = i
        for char in chars_to_replace:
            _i = _i.replace(char, '_')
        _groups.append(_i)
    groups.clear()
    groups.extend(_groups)
-@parses('equinix_metal_device')
+@parses('metal_device')
-def equinix_metal_device(resource, tfvars=None):
+def metal_device(resource, tfvars=None):
    raw_attrs = resource['primary']['attributes']
    name = raw_attrs['hostname']
    groups = []
@@ -230,7 +220,7 @@ def equinix_metal_device(resource, tfvars=None):
        'ipv6_address': raw_attrs['network.1.address'],
        'public_ipv6': raw_attrs['network.1.address'],
        'private_ipv4': raw_attrs['network.2.address'],
-        'provider': 'equinix',
+        'provider': 'metal',
    }
    if raw_attrs['operating_system'] == 'flatcar_stable':
@@ -238,14 +228,13 @@ def equinix_metal_device(resource, tfvars=None):
        attrs.update({'ansible_ssh_user': 'core'})
    # add groups based on attrs
-    groups.append('equinix_metal_operating_system_%s' % attrs['operating_system'])
+    groups.append('metal_operating_system=' + attrs['operating_system'])
-    groups.append('equinix_metal_locked_%s' % attrs['locked'])
+    groups.append('metal_locked=%s' % attrs['locked'])
-    groups.append('equinix_metal_state_%s' % attrs['state'])
+    groups.append('metal_state=' + attrs['state'])
-    groups.append('equinix_metal_plan_%s' % attrs['plan'])
+    groups.append('metal_plan=' + attrs['plan'])
    # groups specific to kubespray
    groups = groups + attrs['tags']
    sanitize_groups(groups)
    return name, attrs, groups
@@ -284,6 +273,8 @@ def openstack_host(resource, module_name):
        'network': parse_attr_list(raw_attrs, 'network'),
        'region': raw_attrs.get('region', ''),
        'security_groups': parse_list(raw_attrs, 'security_groups'),
        # ansible
        'ansible_ssh_port': 22,
        # workaround for an OpenStack bug where hosts have a different domain
        # after they're restarted
        'host_domain': 'novalocal',
@@ -298,9 +289,6 @@ def openstack_host(resource, module_name):
    if 'floating_ip' in raw_attrs:
        attrs['private_ipv4'] = raw_attrs['network.0.fixed_ip_v4']
    if 'metadata.use_access_ip' in raw_attrs and raw_attrs['metadata.use_access_ip'] == "0":
        attrs.pop('access_ip')
    try:
        if 'metadata.prefer_ipv6' in raw_attrs and raw_attrs['metadata.prefer_ipv6'] == "1":
            attrs.update({
@@ -319,9 +307,7 @@ def openstack_host(resource, module_name):
    # attrs specific to Ansible
    if 'metadata.ssh_user' in raw_attrs:
-        attrs['ansible_user'] = raw_attrs['metadata.ssh_user']
+        attrs['ansible_ssh_user'] = raw_attrs['metadata.ssh_user']
    if 'metadata.ssh_port' in raw_attrs:
        attrs['ansible_port'] = raw_attrs['metadata.ssh_port']
    if 'volume.#' in list(raw_attrs.keys()) and int(raw_attrs['volume.#']) > 0:
        device_index = 1
@@ -348,8 +334,6 @@ def openstack_host(resource, module_name):
    for group in attrs['metadata'].get('kubespray_groups', "").split(","):
        groups.append(group)
    sanitize_groups(groups)
    return name, attrs, groups
--- a/contrib/terraform/upcloud/README.md
+++ b/contrib/terraform/upcloud/README.md
@@ -136,8 +136,4 @@ terraform destroy --var-file cluster-settings.tfvars \
 * `loadbalancer_plan`: Plan to use for load balancer *(development|production-small)*
 * `loadbalancers`: Ports to load balance and which machines to forward to. Key of this object will be used as the name of the load balancer frontends/backends
  * `port`: Port to load balance.
  * `target_port`: Port to the backend servers.
  * `backend_servers`: List of servers that traffic to the port should be forwarded to.
 * `server_groups`: Group servers together
  * `servers`: The servers that should be included in the group.
  * `anti_affinity`: If anti-affinity should be enabled, try to spread the VMs out on separate nodes.
--- a/contrib/terraform/upcloud/cluster-settings.tfvars
+++ b/contrib/terraform/upcloud/cluster-settings.tfvars
@@ -121,7 +121,6 @@ loadbalancer_plan    = "development"
 loadbalancers = {
  # "http" : {
  #   "port" : 80,
  #   "target_port" : 80,
  #   "backend_servers" : [
  #     "worker-0",
  #     "worker-1",
@@ -129,20 +128,3 @@ loadbalancers = {
  #   ]
  # }
 }
 server_groups = {
  # "control-plane" = {
  #   servers = [
  #     "master-0"
  #   ]
  #   anti_affinity = true
  # },
  # "workers" = {
  #   servers = [
  #     "worker-0",
  #     "worker-1",
  #     "worker-2"
  #   ]
  #   anti_affinity = true
  # }
 }
--- a/contrib/terraform/upcloud/main.tf
+++ b/contrib/terraform/upcloud/main.tf
@@ -34,8 +34,6 @@ module "kubernetes" {
  loadbalancer_enabled = var.loadbalancer_enabled
  loadbalancer_plan    = var.loadbalancer_plan
  loadbalancers        = var.loadbalancers
  server_groups = var.server_groups
 }
 #
--- a/contrib/terraform/upcloud/modules/kubernetes-cluster/main.tf
+++ b/contrib/terraform/upcloud/modules/kubernetes-cluster/main.tf
@@ -13,7 +13,7 @@ locals {
  lb_backend_servers = flatten([
    for lb_name, loadbalancer in var.loadbalancers : [
      for backend_server in loadbalancer.backend_servers : {
-        port = loadbalancer.target_port
+        port = loadbalancer.port
        lb_name = lb_name
        server_name = backend_server
      }
@@ -80,7 +80,7 @@ resource "upcloud_server" "master" {
  lifecycle {
    ignore_changes = [storage_devices]
  }
-
+  
  firewall  = var.firewall_enabled
  dynamic "storage_devices" {
@@ -251,8 +251,8 @@ resource "upcloud_firewall_rules" "master" {
    content {
      action                 = "accept"
      comment                = "UpCloud DNS"
-      source_port_end        = "53"
+      destination_port_end   = "53"
-      source_port_start      = "53"
+      destination_port_start = "53"
      direction              = "in"
      family                 = "IPv4"
      protocol               = firewall_rule.value
@@ -267,8 +267,8 @@ resource "upcloud_firewall_rules" "master" {
    content {
      action                 = "accept"
      comment                = "UpCloud DNS"
-      source_port_end        = "53"
+      destination_port_end   = "53"
-      source_port_start      = "53"
+      destination_port_start = "53"
      direction              = "in"
      family                 = "IPv4"
      protocol               = firewall_rule.value
@@ -283,8 +283,8 @@ resource "upcloud_firewall_rules" "master" {
    content {
      action                 = "accept"
      comment                = "UpCloud DNS"
-      source_port_end        = "53"
+      destination_port_end   = "53"
-      source_port_start      = "53"
+      destination_port_start = "53"
      direction              = "in"
      family                 = "IPv6"
      protocol               = firewall_rule.value
@@ -299,8 +299,8 @@ resource "upcloud_firewall_rules" "master" {
    content {
      action                 = "accept"
      comment                = "UpCloud DNS"
-      source_port_end        = "53"
+      destination_port_end   = "53"
-      source_port_start      = "53"
+      destination_port_start = "53"
      direction              = "in"
      family                 = "IPv6"
      protocol               = firewall_rule.value
@@ -315,8 +315,8 @@ resource "upcloud_firewall_rules" "master" {
    content {
      action                 = "accept"
      comment                = "NTP Port"
-      source_port_end        = "123"
+      destination_port_end   = "123"
-      source_port_start      = "123"
+      destination_port_start = "123"
      direction              = "in"
      family                 = "IPv4"
      protocol               = firewall_rule.value
@@ -325,20 +325,6 @@ resource "upcloud_firewall_rules" "master" {
    }
  }
  dynamic firewall_rule {
    for_each = var.firewall_default_deny_in ? ["udp"] : []
    content {
      action                 = "accept"
      comment                = "NTP Port"
      source_port_end        = "123"
      source_port_start      = "123"
      direction              = "in"
      family                 = "IPv6"
      protocol               = firewall_rule.value
    }
  }
  firewall_rule {
    action    = var.firewall_default_deny_in ? "drop" : "accept"
    direction = "in"
@@ -408,8 +394,8 @@ resource "upcloud_firewall_rules" "k8s" {
    content {
      action                 = "accept"
      comment                = "UpCloud DNS"
-      source_port_end        = "53"
+      destination_port_end   = "53"
-      source_port_start      = "53"
+      destination_port_start = "53"
      direction              = "in"
      family                 = "IPv4"
      protocol               = firewall_rule.value
@@ -424,8 +410,8 @@ resource "upcloud_firewall_rules" "k8s" {
    content {
      action                 = "accept"
      comment                = "UpCloud DNS"
-      source_port_end        = "53"
+      destination_port_end   = "53"
-      source_port_start      = "53"
+      destination_port_start = "53"
      direction              = "in"
      family                 = "IPv4"
      protocol               = firewall_rule.value
@@ -440,8 +426,8 @@ resource "upcloud_firewall_rules" "k8s" {
    content {
      action                 = "accept"
      comment                = "UpCloud DNS"
-      source_port_end        = "53"
+      destination_port_end   = "53"
-      source_port_start      = "53"
+      destination_port_start = "53"
      direction              = "in"
      family                 = "IPv6"
      protocol               = firewall_rule.value
@@ -456,8 +442,8 @@ resource "upcloud_firewall_rules" "k8s" {
    content {
      action                 = "accept"
      comment                = "UpCloud DNS"
-      source_port_end        = "53"
+      destination_port_end   = "53"
-      source_port_start      = "53"
+      destination_port_start = "53"
      direction              = "in"
      family                 = "IPv6"
      protocol               = firewall_rule.value
@@ -472,8 +458,8 @@ resource "upcloud_firewall_rules" "k8s" {
    content {
      action                 = "accept"
      comment                = "NTP Port"
-      source_port_end        = "123"
+      destination_port_end   = "123"
-      source_port_start      = "123"
+      destination_port_start = "123"
      direction              = "in"
      family                 = "IPv4"
      protocol               = firewall_rule.value
@@ -482,20 +468,6 @@ resource "upcloud_firewall_rules" "k8s" {
    }
  }
  dynamic firewall_rule {
    for_each = var.firewall_default_deny_in ? ["udp"] : []
    content {
      action                 = "accept"
      comment                = "NTP Port"
      source_port_end        = "123"
      source_port_start      = "123"
      direction              = "in"
      family                 = "IPv6"
      protocol               = firewall_rule.value
    }
  }
  firewall_rule {
    action    = var.firewall_default_deny_in ? "drop" : "accept"
    direction = "in"
@@ -525,7 +497,7 @@ resource "upcloud_loadbalancer_backend" "lb_backend" {
 resource "upcloud_loadbalancer_frontend" "lb_frontend" {
  for_each = var.loadbalancer_enabled ? var.loadbalancers : {}
-
+  
  loadbalancer         = upcloud_loadbalancer.lb[0].id
  name                 = "lb-frontend-${each.key}"
  mode                 = "tcp"
@@ -535,7 +507,7 @@ resource "upcloud_loadbalancer_frontend" "lb_frontend" {
 resource "upcloud_loadbalancer_static_backend_member" "lb_backend_member" {
  for_each = {
-    for be_server in local.lb_backend_servers:
+    for be_server in local.lb_backend_servers: 
      "${be_server.server_name}-lb-backend-${be_server.lb_name}" => be_server
      if var.loadbalancer_enabled
  }
@@ -548,11 +520,3 @@ resource "upcloud_loadbalancer_static_backend_member" "lb_backend_member" {
  max_sessions = var.loadbalancer_plan == "production-small" ? 50000 : 1000
  enabled      = true
 }
 resource "upcloud_server_group" "server_groups" {
  for_each      = var.server_groups
  title         = each.key
  anti_affinity = each.value.anti_affinity
  labels        = {}
  members       = [for server in each.value.servers : merge(upcloud_server.master, upcloud_server.worker)[server].id]
 }
--- a/contrib/terraform/upcloud/modules/kubernetes-cluster/variables.tf
+++ b/contrib/terraform/upcloud/modules/kubernetes-cluster/variables.tf
@@ -90,16 +90,6 @@ variable "loadbalancers" {
  type = map(object({
    port            = number
    target_port     = number
    backend_servers = list(string)
  }))
 }
 variable "server_groups" {
  description = "Server groups"
  type = map(object({
    anti_affinity   = bool
    servers = list(string)
  }))
 }
--- a/contrib/terraform/upcloud/modules/kubernetes-cluster/versions.tf
+++ b/contrib/terraform/upcloud/modules/kubernetes-cluster/versions.tf
@@ -3,7 +3,7 @@ terraform {
  required_providers {
    upcloud = {
      source = "UpCloudLtd/upcloud"
-      version = "~>2.7.1"
+      version = "~>2.5.0"
    }
  }
  required_version = ">= 0.13"
--- a/contrib/terraform/upcloud/sample-inventory/cluster.tfvars
+++ b/contrib/terraform/upcloud/sample-inventory/cluster.tfvars
@@ -122,7 +122,6 @@ loadbalancer_plan = "development"
 loadbalancers = {
  # "http" : {
  #   "port" : 80,
  #   "target_port" : 80,
  #   "backend_servers" : [
  #     "worker-0",
  #     "worker-1",
@@ -130,20 +129,3 @@ loadbalancers = {
  #   ]
  # }
 }
 server_groups = {
  # "control-plane" = {
  #   servers = [
  #     "master-0"
  #   ]
  #   anti_affinity = true
  # },
  # "workers" = {
  #   servers = [
  #     "worker-0",
  #     "worker-1",
  #     "worker-2"
  #   ]
  #   anti_affinity = true
  # }
 }
--- a/contrib/terraform/upcloud/variables.tf
+++ b/contrib/terraform/upcloud/variables.tf
@@ -126,19 +126,7 @@ variable "loadbalancers" {
  type = map(object({
    port            = number
    target_port     = number
    backend_servers = list(string)
  }))
  default = {}
 }
 variable "server_groups" {
  description = "Server groups"
  type = map(object({
    anti_affinity = bool
    servers       = list(string)
  }))
  default = {}
 }
--- a/contrib/terraform/upcloud/versions.tf
+++ b/contrib/terraform/upcloud/versions.tf
@@ -3,7 +3,7 @@ terraform {
  required_providers {
    upcloud = {
      source  = "UpCloudLtd/upcloud"
-      version = "~>2.7.1"
+      version = "~>2.5.0"
    }
  }
  required_version = ">= 0.13"
--- a/contrib/terraform/vsphere/variables.tf
+++ b/contrib/terraform/vsphere/variables.tf
@@ -23,9 +23,7 @@ variable "vsphere_datastore" {}
 variable "vsphere_user" {}
-variable "vsphere_password" {
+variable "vsphere_password" {}
  sensitive = true
 }
 variable "vsphere_server" {}
--- a/contrib/terraform/vsphere/versions.tf
+++ b/contrib/terraform/vsphere/versions.tf
@@ -4,6 +4,12 @@ terraform {
      source  = "hashicorp/vsphere"
      version = ">= 1.24.3"
    }
    null = {
      source = "hashicorp/null"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.13"
 }
--- a/docs/_sidebar.md
+++ b/docs/_sidebar.md
@@ -37,8 +37,6 @@
  * [CentOS/OracleLinux/AlmaLinux/Rocky Linux](docs/centos.md)
  * [Kylin Linux Advanced Server V10](docs/kylinlinux.md)
  * [Amazon Linux 2](docs/amazonlinux.md)
  * [UOS Linux](docs/uoslinux.md)
  * [openEuler notes](docs/openeuler.md)
 * CRI
  * [Containerd](docs/containerd.md)
  * [Docker](docs/docker.md)
--- a/docs/amazonlinux.md
+++ b/docs/amazonlinux.md
@@ -5,7 +5,7 @@ Amazon Linux is supported with docker,containerd and cri-o runtimes.
 **Note:** that Amazon Linux is not currently covered in kubespray CI and
 support for it is currently considered experimental.
-Amazon Linux 2, while derived from the Redhat OS family, does not keep in
+Amazon Linux 2, while derrived from the Redhat OS family, does not keep in
 sync with RHEL upstream like CentOS/AlmaLinux/Oracle Linux. In order to use
 Amazon Linux as the ansible host for your kubespray deployments you need to
 manually install `python3` and deploy ansible and kubespray dependencies in
--- a/docs/ansible.md
+++ b/docs/ansible.md
@@ -3,7 +3,7 @@
 ## Installing Ansible
 Kubespray supports multiple ansible versions and ships different `requirements.txt` files for them.
-Depending on your available python version you may be limited in choosing which ansible version to use.
+Depending on your available python version you may be limited in chooding which ansible version to use.
 It is recommended to deploy the ansible version used by kubespray into a python virtual environment.
@@ -15,6 +15,9 @@ virtualenv  --python=$(which python3) $VENVDIR
 source $VENVDIR/bin/activate
 cd $KUBESPRAYDIR
 pip install -U -r requirements-$ANSIBLE_VERSION.txt
 test -f requirements-$ANSIBLE_VERSION.yml && \
  ansible-galaxy role install -r requirements-$ANSIBLE_VERSION.yml && \
  ansible-galaxy collection -r requirements-$ANSIBLE_VERSION.yml
 ```
 ### Ansible Python Compatibility
@@ -22,7 +25,7 @@ pip install -U -r requirements-$ANSIBLE_VERSION.txt
 Based on the table below and the available python version for your ansible host you should choose the appropriate ansible version to use with kubespray.
 | Ansible Version | Python Version |
-|-----------------|----------------|
+| --------------- | -------------- |
 | 2.11            | 2.7,3.5-3.9    |
 | 2.12            | 3.8-3.10       |
@@ -101,134 +104,135 @@ the `-e` runtime flags (most simple way) or other layers described in the docs.
 Kubespray uses only a few layers to override things (or expect them to
 be overridden for roles):
-| Layer                                  | Comment                                                                      |
+Layer | Comment
-|----------------------------------------|------------------------------------------------------------------------------|
+------|--------
-| **role defaults**                      | provides best UX to override things for Kubespray deployments                |
+**role defaults** | provides best UX to override things for Kubespray deployments
-| inventory vars                         | Unused                                                                       |
+inventory vars | Unused
-| **inventory group_vars**               | Expects users to use ``all.yml``,``k8s_cluster.yml`` etc. to override things |
+**inventory group_vars** | Expects users to use ``all.yml``,``k8s_cluster.yml`` etc. to override things
-| inventory host_vars                    | Unused                                                                       |
+inventory host_vars | Unused
-| playbook group_vars                    | Unused                                                                       |
+playbook group_vars | Unused
-| playbook host_vars                     | Unused                                                                       |
+playbook host_vars | Unused
-| **host facts**                         | Kubespray overrides for internal roles' logic, like state flags              |
+**host facts** | Kubespray overrides for internal roles' logic, like state flags
-| play vars                              | Unused                                                                       |
+play vars | Unused
-| play vars_prompt                       | Unused                                                                       |
+play vars_prompt | Unused
-| play vars_files                        | Unused                                                                       |
+play vars_files | Unused
-| registered vars                        | Unused                                                                       |
+registered vars | Unused
-| set_facts                              | Kubespray overrides those, for some places                                   |
+set_facts | Kubespray overrides those, for some places
-| **role and include vars**              | Provides bad UX to override things! Use extra vars to enforce                |
+**role and include vars** | Provides bad UX to override things! Use extra vars to enforce
-| block vars (only for tasks in block)   | Kubespray overrides for internal roles' logic                                |
+block vars (only for tasks in block) | Kubespray overrides for internal roles' logic
-| task vars (only for the task)          | Unused for roles, but only for helper scripts                                |
+task vars (only for the task) | Unused for roles, but only for helper scripts
-| **extra vars** (always win precedence) | override with ``ansible-playbook -e @foo.yml``                               |
+**extra vars** (always win precedence) | override with ``ansible-playbook -e @foo.yml``
 ## Ansible tags
 The following tags are defined in playbooks:
-| Tag name                       | Used for                                              |
+|                       Tag name | Used for
-|--------------------------------|-------------------------------------------------------|
+|--------------------------------|---------
-| annotate                       | Create kube-router annotation                         |
+|                       annotate | Create kube-router annotation
-| apps                           | K8s apps definitions                                  |
+|                           apps | K8s apps definitions
-| asserts                        | Check tasks for download role                         |
+|                        asserts | Check tasks for download role
-| aws-ebs-csi-driver             | Configuring csi driver: aws-ebs                       |
+|             aws-ebs-csi-driver | Configuring csi driver: aws-ebs
-| azure-csi-driver               | Configuring csi driver: azure                         |
+|               azure-csi-driver | Configuring csi driver: azure
-| bastion                        | Setup ssh config for bastion                          |
+|                        bastion | Setup ssh config for bastion
-| bootstrap-os                   | Anything related to host OS configuration             |
+|                   bootstrap-os | Anything related to host OS configuration
-| calico                         | Network plugin Calico                                 |
+|                         calico | Network plugin Calico
-| calico_rr                      | Configuring Calico route reflector                    |
+|                      calico_rr | Configuring Calico route reflector
-| cephfs-provisioner             | Configuring CephFS                                    |
+|                          canal | Network plugin Canal
-| cert-manager                   | Configuring certificate manager for K8s               |
+|             cephfs-provisioner | Configuring CephFS
-| cilium                         | Network plugin Cilium                                 |
+|                   cert-manager | Configuring certificate manager for K8s
-| cinder-csi-driver              | Configuring csi driver: cinder                        |
+|                         cilium | Network plugin Cilium
-| client                         | Kubernetes clients role                               |
+|              cinder-csi-driver | Configuring csi driver: cinder
-| cloud-provider                 | Cloud-provider related tasks                          |
+|                         client | Kubernetes clients role
-| cluster-roles                  | Configuring cluster wide application (psp ...)        |
+|                 cloud-provider | Cloud-provider related tasks
-| cni                            | CNI plugins for Network Plugins                       |
+|                  cluster-roles | Configuring cluster wide application (psp ...)
-| containerd                     | Configuring containerd engine runtime for hosts       |
+|                            cni | CNI plugins for Network Plugins
-| container_engine_accelerator   | Enable nvidia accelerator for runtimes                |
+|                     containerd | Configuring containerd engine runtime for hosts
-| container-engine               | Configuring container engines                         |
+|   container_engine_accelerator | Enable nvidia accelerator for runtimes
-| container-runtimes             | Configuring container runtimes                        |
+|               container-engine | Configuring container engines
-| coredns                        | Configuring coredns deployment                        |
+|             container-runtimes | Configuring container runtimes
-| crio                           | Configuring crio container engine for hosts           |
+|                        coredns | Configuring coredns deployment
-| crun                           | Configuring crun runtime                              |
+|                           crio | Configuring crio container engine for hosts
-| csi-driver                     | Configuring csi driver                                |
+|                           crun | Configuring crun runtime
-| dashboard                      | Installing and configuring the Kubernetes Dashboard   |
+|                     csi-driver | Configuring csi driver
-| dns                            | Remove dns entries when resetting                     |
+|                      dashboard | Installing and configuring the Kubernetes Dashboard
-| docker                         | Configuring docker engine runtime for hosts           |
+|                            dns | Remove dns entries when resetting
-| download                       | Fetching container images to a delegate host          |
+|                         docker | Configuring docker engine runtime for hosts
-| etcd                           | Configuring etcd cluster                              |
+|                       download | Fetching container images to a delegate host
-| etcd-secrets                   | Configuring etcd certs/keys                           |
+|                           etcd | Configuring etcd cluster
-| etchosts                       | Configuring /etc/hosts entries for hosts              |
+|                   etcd-secrets | Configuring etcd certs/keys
-| external-cloud-controller      | Configure cloud controllers                           |
+|                       etchosts | Configuring /etc/hosts entries for hosts
-| external-openstack             | Cloud controller : openstack                          |
+|      external-cloud-controller | Configure cloud controllers
-| external-provisioner           | Configure external provisioners                       |
+|             external-openstack | Cloud controller : openstack
-| external-vsphere               | Cloud controller : vsphere                            |
+|           external-provisioner | Configure external provisioners
-| facts                          | Gathering facts and misc check results                |
+|               external-vsphere | Cloud controller : vsphere
-| files                          | Remove files when resetting                           |
+|                          facts | Gathering facts and misc check results
-| flannel                        | Network plugin flannel                                |
+|                          files | Remove files when resetting
-| gce                            | Cloud-provider GCP                                    |
+|                        flannel | Network plugin flannel
-| gcp-pd-csi-driver              | Configuring csi driver: gcp-pd                        |
+|                            gce | Cloud-provider GCP
-| gvisor                         | Configuring gvisor runtime                            |
+|              gcp-pd-csi-driver | Configuring csi driver: gcp-pd
-| helm                           | Installing and configuring Helm                       |
+|                         gvisor | Configuring gvisor runtime
-| ingress-controller             | Configure ingress controllers                         |
+|                           helm | Installing and configuring Helm
-| ingress_alb                    | AWS ALB Ingress Controller                            |
+|             ingress-controller | Configure ingress controllers
-| init                           | Windows kubernetes init nodes                         |
+|                    ingress_alb | AWS ALB Ingress Controller
-| iptables                       | Flush and clear iptable when resetting                |
+|                           init | Windows kubernetes init nodes
-| k8s-pre-upgrade                | Upgrading K8s cluster                                 |
+|                       iptables | Flush and clear iptable when resetting
-| k8s-secrets                    | Configuring K8s certs/keys                            |
+|                k8s-pre-upgrade | Upgrading K8s cluster
-| k8s-gen-tokens                 | Configuring K8s tokens                                |
+|                    k8s-secrets | Configuring K8s certs/keys
-| kata-containers                | Configuring kata-containers runtime                   |
+|                 k8s-gen-tokens | Configuring K8s tokens
-| krew                           | Install and manage krew                               |
+|                kata-containers | Configuring kata-containers runtime
-| kubeadm                        | Roles linked to kubeadm tasks                         |
+|                           krew | Install and manage krew
-| kube-apiserver                 | Configuring static pod kube-apiserver                 |
+|                        kubeadm | Roles linked to kubeadm tasks
-| kube-controller-manager        | Configuring static pod kube-controller-manager        |
+|                 kube-apiserver | Configuring static pod kube-apiserver
-| kube-vip                       | Installing and configuring kube-vip                   |
+|        kube-controller-manager | Configuring static pod kube-controller-manager
-| kubectl                        | Installing kubectl and bash completion                |
+|                       kube-vip | Installing and configuring kube-vip
-| kubelet                        | Configuring kubelet service                           |
+|                        kubectl | Installing kubectl and bash completion
-| kube-ovn                       | Network plugin kube-ovn                               |
+|                        kubelet | Configuring kubelet service
-| kube-router                    | Network plugin kube-router                            |
+|                       kube-ovn | Network plugin kube-ovn
-| kube-proxy                     | Configuring static pod kube-proxy                     |
+|                    kube-router | Network plugin kube-router
-| localhost                      | Special steps for the localhost (ansible runner)      |
+|                     kube-proxy | Configuring static pod kube-proxy
-| local-path-provisioner         | Configure External provisioner: local-path            |
+|                      localhost | Special steps for the localhost (ansible runner)
-| local-volume-provisioner       | Configure External provisioner: local-volume          |
+|         local-path-provisioner | Configure External provisioner: local-path
-| macvlan                        | Network plugin macvlan                                |
+|       local-volume-provisioner | Configure External provisioner: local-volume
-| master                         | Configuring K8s master node role                      |
+|                        macvlan | Network plugin macvlan
-| metallb                        | Installing and configuring metallb                    |
+|                         master | Configuring K8s master node role
-| metrics_server                 | Configuring metrics_server                            |
+|                        metallb | Installing and configuring metallb
-| netchecker                     | Installing netchecker K8s app                         |
+|                 metrics_server | Configuring metrics_server
-| network                        | Configuring networking plugins for K8s                |
+|                     netchecker | Installing netchecker K8s app
-| mounts                         | Umount kubelet dirs when reseting                     |
+|                        network | Configuring networking plugins for K8s
-| multus                         | Network plugin multus                                 |
+|                         mounts | Umount kubelet dirs when reseting
-| nginx                          | Configuring LB for kube-apiserver instances           |
+|                         multus | Network plugin multus
-| node                           | Configuring K8s minion (compute) node role            |
+|                          nginx | Configuring LB for kube-apiserver instances
-| nodelocaldns                   | Configuring nodelocaldns daemonset                    |
+|                           node | Configuring K8s minion (compute) node role
-| node-label                     | Tasks linked to labeling of nodes                     |
+|                   nodelocaldns | Configuring nodelocaldns daemonset
-| node-webhook                   | Tasks linked to webhook (grating access to resources) |
+|                     node-label | Tasks linked to labeling of nodes
-| nvidia_gpu                     | Enable nvidia accelerator for runtimes                |
+|                   node-webhook | Tasks linked to webhook (grating access to resources)
-| oci                            | Cloud provider: oci                                   |
+|                     nvidia_gpu | Enable nvidia accelerator for runtimes
-| persistent_volumes             | Configure csi volumes                                 |
+|                            oci | Cloud provider: oci
-| persistent_volumes_aws_ebs_csi | Configuring csi driver: aws-ebs                       |
+|             persistent_volumes | Configure csi volumes
-| persistent_volumes_cinder_csi  | Configuring csi driver: cinder                        |
+| persistent_volumes_aws_ebs_csi | Configuring csi driver: aws-ebs
-| persistent_volumes_gcp_pd_csi  | Configuring csi driver: gcp-pd                        |
+| persistent_volumes_cinder_csi  | Configuring csi driver: cinder
-| persistent_volumes_openstack   | Configuring csi driver: openstack                     |
+| persistent_volumes_gcp_pd_csi  | Configuring csi driver: gcp-pd
-| policy-controller              | Configuring Calico policy controller                  |
+| persistent_volumes_openstack   | Configuring csi driver: openstack
-| post-remove                    | Tasks running post-remove operation                   |
+|              policy-controller | Configuring Calico policy controller
-| post-upgrade                   | Tasks running post-upgrade operation                  |
+|                    post-remove | Tasks running post-remove operation
-| pre-remove                     | Tasks running pre-remove operation                    |
+|                   post-upgrade | Tasks running post-upgrade operation
-| pre-upgrade                    | Tasks running pre-upgrade operation                   |
+|                     pre-remove | Tasks running pre-remove operation
-| preinstall                     | Preliminary configuration steps                       |
+|                    pre-upgrade | Tasks running pre-upgrade operation
-| registry                       | Configuring local docker registry                     |
+|                     preinstall | Preliminary configuration steps
-| reset                          | Tasks running doing the node reset                    |
+|                       registry | Configuring local docker registry
-| resolvconf                     | Configuring /etc/resolv.conf for hosts/apps           |
+|                          reset | Tasks running doing the node reset
-| rbd-provisioner                | Configure External provisioner: rdb                   |
+|                     resolvconf | Configuring /etc/resolv.conf for hosts/apps
-| services                       | Remove services (etcd, kubelet etc...) when resetting |
+|                rbd-provisioner | Configure External provisioner: rdb
-| snapshot                       | Enabling csi snapshot                                 |
+|                       services | Remove services (etcd, kubelet etc...) when resetting
-| snapshot-controller            | Configuring csi snapshot controller                   |
+|                       snapshot | Enabling csi snapshot
-| upgrade                        | Upgrading, f.e. container images/binaries             |
+|            snapshot-controller | Configuring csi snapshot controller
-| upload                         | Distributing images/binaries across hosts             |
+|                        upgrade | Upgrading, f.e. container images/binaries
-| vsphere-csi-driver             | Configuring csi driver: vsphere                       |
+|                         upload | Distributing images/binaries across hosts
-| weave                          | Network plugin Weave                                  |
+|             vsphere-csi-driver | Configuring csi driver: vsphere
-| win_nodes                      | Running windows specific tasks                        |
+|                          weave | Network plugin Weave
-| youki                          | Configuring youki runtime                             |
+|                      win_nodes | Running windows specific tasks
 |                          youki | Configuring youki runtime
 Note: Use the ``bash scripts/gen_tags.sh`` command to generate a list of all
 tags found in the codebase. New tags will be listed with the empty "Used for"
@@ -263,7 +267,7 @@ Note: use `--tags` and `--skip-tags` wise and only if you're 100% sure what you'
 ## Bastion host
 If you prefer to not make your nodes publicly accessible (nodes with private IPs only),
-you can use a so-called _bastion_ host to connect to your nodes. To specify and use a bastion,
+you can use a so called *bastion* host to connect to your nodes. To specify and use a bastion,
 simply add a line to your inventory, where you have to replace x.x.x.x with the public IP of the
 bastion host.
@@ -277,7 +281,7 @@ For more information about Ansible and bastion hosts, read
 ## Mitogen
-Mitogen support is deprecated, please see [mitogen related docs](/docs/mitogen.md) for usage and reasons for deprecation.
+Mitogen support is deprecated, please see [mitogen related docs](/docs/mitogen.md) for useage and reasons for deprecation.
 ## Beyond ansible 2.9
@@ -286,7 +290,7 @@ two projects which are now joined under the Ansible umbrella.
 Ansible-base (2.10.x branch) will contain just the ansible language implementation while
 ansible modules that were previously bundled into a single repository will be part of the
-ansible 3.x package. Please see [this blog post](https://blog.while-true-do.io/ansible-release-3-0-0/)
+ansible 3.x package. Pleasee see [this blog post](https://blog.while-true-do.io/ansible-release-3-0-0/)
 that explains in detail the need and the evolution plan.
 **Note:** this change means that ansible virtual envs cannot be upgraded with `pip install -U`.
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Calin Cristian Andrei	2187882ee0	fix contrib/<file>.md errors identified by markdownlint	2022-08-07 13:47:51 +00:00
Calin Cristian Andrei	4a994c82d1	fix docs/<file>.md errors identified by markdownlint * docs/azure-csi.md * docs/azure.md * docs/bootstrap-os.md * docs/calico.md * docs/debian.md * docs/fcos.md * docs/vagrant.md * docs/gcp-lb.md * docs/kubernetes-apps/registry.md * docs/setting-up-your-first-cluster.md * docs/vagrant.md * docs/vars.md	2022-08-07 12:41:09 +00:00
Calin Cristian Andrei	b074b91ee9	fix docs/integration.md errors identified by markdownlint	2022-08-07 12:13:18 +00:00
Calin Cristian Andrei	b3f7be7135	describe the use of pre-commit hook in CONTRIBUTING.md	2022-08-07 11:58:47 +00:00
Calin Cristian Andrei	d4082da97f	add tmp.md to .gitignore	2022-08-07 11:23:43 +00:00
Calin Cristian Andrei	faecc7420d	add pre-commit hook configuration	2022-08-07 11:21:50 +00:00
`@@ -1,2 +1,2 @@`
	`.generated`	`.generated`
	`/inventory`	`/inventory`
`@@ -1,2 +1,3 @@`
	`#k8s_deployment_user: kubespray`	`#k8s_deployment_user: kubespray`
	`#k8s_deployment_user_pkey_path: /tmp/ssh_rsa`	`#k8s_deployment_user_pkey_path: /tmp/ssh_rsa`
`@@ -41,3 +41,4 @@`

	`# [network-storage:children]`	`# [network-storage:children]`
	`# gfs-cluster`	`# gfs-cluster`